// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Code generated by sidekick. DO NOT EDIT.

#![allow(rustdoc::redundant_explicit_links)]
#![allow(rustdoc::broken_intra_doc_links)]
#![no_implicit_prelude]
extern crate async_trait;
extern crate bytes;
extern crate gax;
extern crate gaxi;
extern crate gtype;
extern crate iam_v1;
extern crate lazy_static;
extern crate location;
extern crate longrunning;
extern crate lro;
extern crate reqwest;
extern crate serde;
extern crate serde_json;
extern crate serde_with;
extern crate std;
extern crate tracing;
extern crate wkt;

mod debug;
mod deserialize;
mod serialize;

/// A
/// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
/// represents an individual Certificate Authority. A
/// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
/// can be used to create
/// [Certificates][google.cloud.security.privateca.v1.Certificate].
///
/// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
/// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CertificateAuthority {
    /// Identifier. The resource name for this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub name: std::string::String,

    /// Required. Immutable. The
    /// [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
    /// this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    /// [google.cloud.security.privateca.v1.CertificateAuthority.Type]: crate::model::certificate_authority::Type
    pub r#type: crate::model::certificate_authority::Type,

    /// Required. Immutable. The config used to create a self-signed X.509
    /// certificate or CSR.
    pub config: std::option::Option<crate::model::CertificateConfig>,

    /// Required. Immutable. The desired lifetime of the CA certificate. Used to
    /// create the "not_before_time" and "not_after_time" fields inside an X.509
    /// certificate.
    pub lifetime: std::option::Option<wkt::Duration>,

    /// Required. Immutable. Used when issuing certificates for this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
    /// If this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// is a self-signed CertificateAuthority, this key is also used to sign the
    /// self-signed CA certificate. Otherwise, it is used to sign a CSR.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub key_spec: std::option::Option<crate::model::certificate_authority::KeyVersionSpec>,

    /// Optional. If this is a subordinate
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
    /// this field will be set with the subordinate configuration, which describes
    /// its issuers. This may be updated, but this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// must continue to validate.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub subordinate_config: std::option::Option<crate::model::SubordinateConfig>,

    /// Output only. The
    /// [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the
    /// [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.CaPool.Tier]: crate::model::ca_pool::Tier
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub tier: crate::model::ca_pool::Tier,

    /// Output only. The
    /// [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for
    /// this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    /// [google.cloud.security.privateca.v1.CertificateAuthority.State]: crate::model::certificate_authority::State
    pub state: crate::model::certificate_authority::State,

    /// Output only. This
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
    /// certificate chain, including the current
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
    /// certificate. Ordered such that the root issuer is the final element
    /// (consistent with RFC 5246). For a self-signed CA, this will only list the
    /// current
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
    /// certificate.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub pem_ca_certificates: std::vec::Vec<std::string::String>,

    /// Output only. A structured description of this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
    /// CA certificate and its issuers. Ordered as self-to-root.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub ca_certificate_descriptions: std::vec::Vec<crate::model::CertificateDescription>,

    /// Immutable. The name of a Cloud Storage bucket where this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// will publish content, such as the CA certificate and CRLs. This must be a
    /// bucket name, without any prefixes (such as `gs://`) or suffixes (such as
    /// `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
    /// would simply specify `my-bucket`. If not specified, a managed bucket will
    /// be created.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub gcs_bucket: std::string::String,

    /// Output only. URLs for accessing content published by this CA, such as the
    /// CA certificate and CRLs.
    pub access_urls: std::option::Option<crate::model::certificate_authority::AccessUrls>,

    /// Output only. The time at which this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// was created.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub create_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time at which this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// was last updated.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub update_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time at which this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// was soft deleted, if it is in the
    /// [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
    /// state.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    /// [google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]: crate::model::certificate_authority::State::Deleted
    pub delete_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time at which this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// will be permanently purged, if it is in the
    /// [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
    /// state.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    /// [google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]: crate::model::certificate_authority::State::Deleted
    pub expire_time: std::option::Option<wkt::Timestamp>,

    /// Optional. Labels with user-defined metadata.
    pub labels: std::collections::HashMap<std::string::String, std::string::String>,

    /// Optional. User-defined URLs for CA certificate and CRLs. The service does
    /// not publish content to these URLs. It is up to the user to mirror content
    /// to these URLs.
    pub user_defined_access_urls:
        std::option::Option<crate::model::certificate_authority::UserDefinedAccessUrls>,

    /// Output only. Reserved for future use.
    pub satisfies_pzs: bool,

    /// Output only. Reserved for future use.
    pub satisfies_pzi: bool,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CertificateAuthority {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::CertificateAuthority::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [r#type][crate::model::CertificateAuthority::type].
    pub fn set_type<T: std::convert::Into<crate::model::certificate_authority::Type>>(
        mut self,
        v: T,
    ) -> Self {
        self.r#type = v.into();
        self
    }

    /// Sets the value of [config][crate::model::CertificateAuthority::config].
    pub fn set_config<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CertificateConfig>,
    {
        self.config = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [config][crate::model::CertificateAuthority::config].
    pub fn set_or_clear_config<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CertificateConfig>,
    {
        self.config = v.map(|x| x.into());
        self
    }

    /// Sets the value of [lifetime][crate::model::CertificateAuthority::lifetime].
    pub fn set_lifetime<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Duration>,
    {
        self.lifetime = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [lifetime][crate::model::CertificateAuthority::lifetime].
    pub fn set_or_clear_lifetime<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Duration>,
    {
        self.lifetime = v.map(|x| x.into());
        self
    }

    /// Sets the value of [key_spec][crate::model::CertificateAuthority::key_spec].
    pub fn set_key_spec<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::certificate_authority::KeyVersionSpec>,
    {
        self.key_spec = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [key_spec][crate::model::CertificateAuthority::key_spec].
    pub fn set_or_clear_key_spec<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::certificate_authority::KeyVersionSpec>,
    {
        self.key_spec = v.map(|x| x.into());
        self
    }

    /// Sets the value of [subordinate_config][crate::model::CertificateAuthority::subordinate_config].
    pub fn set_subordinate_config<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::SubordinateConfig>,
    {
        self.subordinate_config = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [subordinate_config][crate::model::CertificateAuthority::subordinate_config].
    pub fn set_or_clear_subordinate_config<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::SubordinateConfig>,
    {
        self.subordinate_config = v.map(|x| x.into());
        self
    }

    /// Sets the value of [tier][crate::model::CertificateAuthority::tier].
    pub fn set_tier<T: std::convert::Into<crate::model::ca_pool::Tier>>(mut self, v: T) -> Self {
        self.tier = v.into();
        self
    }

    /// Sets the value of [state][crate::model::CertificateAuthority::state].
    pub fn set_state<T: std::convert::Into<crate::model::certificate_authority::State>>(
        mut self,
        v: T,
    ) -> Self {
        self.state = v.into();
        self
    }

    /// Sets the value of [pem_ca_certificates][crate::model::CertificateAuthority::pem_ca_certificates].
    pub fn set_pem_ca_certificates<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.pem_ca_certificates = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [ca_certificate_descriptions][crate::model::CertificateAuthority::ca_certificate_descriptions].
    pub fn set_ca_certificate_descriptions<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::CertificateDescription>,
    {
        use std::iter::Iterator;
        self.ca_certificate_descriptions = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [gcs_bucket][crate::model::CertificateAuthority::gcs_bucket].
    pub fn set_gcs_bucket<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.gcs_bucket = v.into();
        self
    }

    /// Sets the value of [access_urls][crate::model::CertificateAuthority::access_urls].
    pub fn set_access_urls<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::certificate_authority::AccessUrls>,
    {
        self.access_urls = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [access_urls][crate::model::CertificateAuthority::access_urls].
    pub fn set_or_clear_access_urls<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::certificate_authority::AccessUrls>,
    {
        self.access_urls = v.map(|x| x.into());
        self
    }

    /// Sets the value of [create_time][crate::model::CertificateAuthority::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::CertificateAuthority::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_time][crate::model::CertificateAuthority::update_time].
    pub fn set_update_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_time][crate::model::CertificateAuthority::update_time].
    pub fn set_or_clear_update_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [delete_time][crate::model::CertificateAuthority::delete_time].
    pub fn set_delete_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.delete_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [delete_time][crate::model::CertificateAuthority::delete_time].
    pub fn set_or_clear_delete_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.delete_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [expire_time][crate::model::CertificateAuthority::expire_time].
    pub fn set_expire_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.expire_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [expire_time][crate::model::CertificateAuthority::expire_time].
    pub fn set_or_clear_expire_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.expire_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [labels][crate::model::CertificateAuthority::labels].
    pub fn set_labels<T, K, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = (K, V)>,
        K: std::convert::Into<std::string::String>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.labels = v.into_iter().map(|(k, v)| (k.into(), v.into())).collect();
        self
    }

    /// Sets the value of [user_defined_access_urls][crate::model::CertificateAuthority::user_defined_access_urls].
    pub fn set_user_defined_access_urls<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::certificate_authority::UserDefinedAccessUrls>,
    {
        self.user_defined_access_urls = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [user_defined_access_urls][crate::model::CertificateAuthority::user_defined_access_urls].
    pub fn set_or_clear_user_defined_access_urls<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::certificate_authority::UserDefinedAccessUrls>,
    {
        self.user_defined_access_urls = v.map(|x| x.into());
        self
    }

    /// Sets the value of [satisfies_pzs][crate::model::CertificateAuthority::satisfies_pzs].
    pub fn set_satisfies_pzs<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.satisfies_pzs = v.into();
        self
    }

    /// Sets the value of [satisfies_pzi][crate::model::CertificateAuthority::satisfies_pzi].
    pub fn set_satisfies_pzi<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.satisfies_pzi = v.into();
        self
    }
}

impl wkt::message::Message for CertificateAuthority {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.CertificateAuthority"
    }
}

/// Defines additional types related to [CertificateAuthority].
pub mod certificate_authority {
    #[allow(unused_imports)]
    use super::*;

    /// URLs where a
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// will publish content.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct AccessUrls {
        /// The URL where this
        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
        /// CA certificate is published. This will only be set for CAs that have been
        /// activated.
        ///
        /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
        pub ca_certificate_access_url: std::string::String,

        /// The URLs where this
        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
        /// CRLs are published. This will only be set for CAs that have been
        /// activated.
        ///
        /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
        pub crl_access_urls: std::vec::Vec<std::string::String>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl AccessUrls {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [ca_certificate_access_url][crate::model::certificate_authority::AccessUrls::ca_certificate_access_url].
        pub fn set_ca_certificate_access_url<T: std::convert::Into<std::string::String>>(
            mut self,
            v: T,
        ) -> Self {
            self.ca_certificate_access_url = v.into();
            self
        }

        /// Sets the value of [crl_access_urls][crate::model::certificate_authority::AccessUrls::crl_access_urls].
        pub fn set_crl_access_urls<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.crl_access_urls = v.into_iter().map(|i| i.into()).collect();
            self
        }
    }

    impl wkt::message::Message for AccessUrls {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls"
        }
    }

    /// A Cloud KMS key configuration that a
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// will use.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct KeyVersionSpec {
        pub key_version:
            std::option::Option<crate::model::certificate_authority::key_version_spec::KeyVersion>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl KeyVersionSpec {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [key_version][crate::model::certificate_authority::KeyVersionSpec::key_version].
        ///
        /// Note that all the setters affecting `key_version` are mutually
        /// exclusive.
        pub fn set_key_version<
            T: std::convert::Into<
                    std::option::Option<
                        crate::model::certificate_authority::key_version_spec::KeyVersion,
                    >,
                >,
        >(
            mut self,
            v: T,
        ) -> Self {
            self.key_version = v.into();
            self
        }

        /// The value of [key_version][crate::model::certificate_authority::KeyVersionSpec::key_version]
        /// if it holds a `CloudKmsKeyVersion`, `None` if the field is not set or
        /// holds a different branch.
        pub fn cloud_kms_key_version(&self) -> std::option::Option<&std::string::String> {
            #[allow(unreachable_patterns)]
            self.key_version.as_ref().and_then(|v| match v {
                crate::model::certificate_authority::key_version_spec::KeyVersion::CloudKmsKeyVersion(v) => std::option::Option::Some(v),
                _ => std::option::Option::None,
            })
        }

        /// Sets the value of [key_version][crate::model::certificate_authority::KeyVersionSpec::key_version]
        /// to hold a `CloudKmsKeyVersion`.
        ///
        /// Note that all the setters affecting `key_version` are
        /// mutually exclusive.
        pub fn set_cloud_kms_key_version<T: std::convert::Into<std::string::String>>(
            mut self,
            v: T,
        ) -> Self {
            self.key_version = std::option::Option::Some(
                crate::model::certificate_authority::key_version_spec::KeyVersion::CloudKmsKeyVersion(
                    v.into()
                )
            );
            self
        }

        /// The value of [key_version][crate::model::certificate_authority::KeyVersionSpec::key_version]
        /// if it holds a `Algorithm`, `None` if the field is not set or
        /// holds a different branch.
        pub fn algorithm(
            &self,
        ) -> std::option::Option<&crate::model::certificate_authority::SignHashAlgorithm> {
            #[allow(unreachable_patterns)]
            self.key_version.as_ref().and_then(|v| match v {
                crate::model::certificate_authority::key_version_spec::KeyVersion::Algorithm(v) => {
                    std::option::Option::Some(v)
                }
                _ => std::option::Option::None,
            })
        }

        /// Sets the value of [key_version][crate::model::certificate_authority::KeyVersionSpec::key_version]
        /// to hold a `Algorithm`.
        ///
        /// Note that all the setters affecting `key_version` are
        /// mutually exclusive.
        pub fn set_algorithm<
            T: std::convert::Into<crate::model::certificate_authority::SignHashAlgorithm>,
        >(
            mut self,
            v: T,
        ) -> Self {
            self.key_version = std::option::Option::Some(
                crate::model::certificate_authority::key_version_spec::KeyVersion::Algorithm(
                    v.into(),
                ),
            );
            self
        }
    }

    impl wkt::message::Message for KeyVersionSpec {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec"
        }
    }

    /// Defines additional types related to [KeyVersionSpec].
    pub mod key_version_spec {
        #[allow(unused_imports)]
        use super::*;

        #[derive(Clone, Debug, PartialEq)]
        #[non_exhaustive]
        pub enum KeyVersion {
            /// The resource name for an existing Cloud KMS CryptoKeyVersion in the
            /// format
            /// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
            /// This option enables full flexibility in the key's capabilities and
            /// properties.
            CloudKmsKeyVersion(std::string::String),
            /// The algorithm to use for creating a managed Cloud KMS key for a for a
            /// simplified experience. All managed keys will be have their
            /// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
            Algorithm(crate::model::certificate_authority::SignHashAlgorithm),
        }
    }

    /// User-defined URLs for accessing content published by this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct UserDefinedAccessUrls {
        /// Optional. A list of URLs where the issuer CA certificate may be
        /// downloaded, which appears in the "Authority Information Access" extension
        /// in the certificate. If specified, the default [Cloud Storage
        /// URLs][google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.ca_certificate_access_url]
        /// will be omitted.
        ///
        /// [google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.ca_certificate_access_url]: crate::model::certificate_authority::AccessUrls::ca_certificate_access_url
        pub aia_issuing_certificate_urls: std::vec::Vec<std::string::String>,

        /// Optional. A list of URLs where to obtain CRL information, i.e.
        /// the DistributionPoint.fullName described by
        /// <https://tools.ietf.org/html/rfc5280#section-4.2.1.13>.
        /// If specified, the default
        /// [Cloud Storage
        /// URLs][google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.crl_access_urls]
        /// will be omitted.
        ///
        /// [google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.crl_access_urls]: crate::model::certificate_authority::AccessUrls::crl_access_urls
        pub crl_access_urls: std::vec::Vec<std::string::String>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl UserDefinedAccessUrls {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [aia_issuing_certificate_urls][crate::model::certificate_authority::UserDefinedAccessUrls::aia_issuing_certificate_urls].
        pub fn set_aia_issuing_certificate_urls<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.aia_issuing_certificate_urls = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [crl_access_urls][crate::model::certificate_authority::UserDefinedAccessUrls::crl_access_urls].
        pub fn set_crl_access_urls<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.crl_access_urls = v.into_iter().map(|i| i.into()).collect();
            self
        }
    }

    impl wkt::message::Message for UserDefinedAccessUrls {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.CertificateAuthority.UserDefinedAccessUrls"
        }
    }

    /// The type of a
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
    /// indicating its issuing chain.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum Type {
        /// Not specified.
        Unspecified,
        /// Self-signed CA.
        SelfSigned,
        /// Subordinate CA. Could be issued by a Private CA
        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
        /// or an unmanaged CA.
        ///
        /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
        Subordinate,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [Type::value] or
        /// [Type::name].
        UnknownValue(r#type::UnknownValue),
    }

    #[doc(hidden)]
    pub mod r#type {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl Type {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::SelfSigned => std::option::Option::Some(1),
                Self::Subordinate => std::option::Option::Some(2),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("TYPE_UNSPECIFIED"),
                Self::SelfSigned => std::option::Option::Some("SELF_SIGNED"),
                Self::Subordinate => std::option::Option::Some("SUBORDINATE"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for Type {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for Type {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for Type {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::SelfSigned,
                2 => Self::Subordinate,
                _ => Self::UnknownValue(r#type::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for Type {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "TYPE_UNSPECIFIED" => Self::Unspecified,
                "SELF_SIGNED" => Self::SelfSigned,
                "SUBORDINATE" => Self::Subordinate,
                _ => Self::UnknownValue(r#type::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for Type {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::SelfSigned => serializer.serialize_i32(1),
                Self::Subordinate => serializer.serialize_i32(2),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for Type {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<Type>::new(
                ".google.cloud.security.privateca.v1.CertificateAuthority.Type",
            ))
        }
    }

    /// The state of a
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
    /// indicating if it can be used.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum State {
        /// Not specified.
        Unspecified,
        /// Certificates can be issued from this CA. CRLs will be generated for this
        /// CA. The CA will be part of the
        /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
        /// will be used to issue certificates from the
        /// [CaPool][google.cloud.security.privateca.v1.CaPool].
        ///
        /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
        Enabled,
        /// Certificates cannot be issued from this CA. CRLs will still be generated.
        /// The CA will be part of the
        /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but
        /// will not be used to issue certificates from the
        /// [CaPool][google.cloud.security.privateca.v1.CaPool].
        ///
        /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
        Disabled,
        /// Certificates can be issued from this CA. CRLs will be generated for this
        /// CA. The CA will be part of the
        /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but
        /// will not be used to issue certificates from the
        /// [CaPool][google.cloud.security.privateca.v1.CaPool].
        ///
        /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
        Staged,
        /// Certificates cannot be issued from this CA. CRLs will not be generated.
        /// The CA will not be part of the
        /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
        /// will not be used to issue certificates from the
        /// [CaPool][google.cloud.security.privateca.v1.CaPool].
        ///
        /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
        AwaitingUserActivation,
        /// Certificates cannot be issued from this CA. CRLs will not be generated.
        /// The CA may still be recovered by calling
        /// [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority]
        /// before
        /// [expire_time][google.cloud.security.privateca.v1.CertificateAuthority.expire_time].
        /// The CA will not be part of the
        /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
        /// will not be used to issue certificates from the
        /// [CaPool][google.cloud.security.privateca.v1.CaPool].
        ///
        /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
        /// [google.cloud.security.privateca.v1.CertificateAuthority.expire_time]: crate::model::CertificateAuthority::expire_time
        /// [google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority]: crate::client::CertificateAuthorityService::undelete_certificate_authority
        Deleted,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [State::value] or
        /// [State::name].
        UnknownValue(state::UnknownValue),
    }

    #[doc(hidden)]
    pub mod state {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl State {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::Enabled => std::option::Option::Some(1),
                Self::Disabled => std::option::Option::Some(2),
                Self::Staged => std::option::Option::Some(3),
                Self::AwaitingUserActivation => std::option::Option::Some(4),
                Self::Deleted => std::option::Option::Some(5),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("STATE_UNSPECIFIED"),
                Self::Enabled => std::option::Option::Some("ENABLED"),
                Self::Disabled => std::option::Option::Some("DISABLED"),
                Self::Staged => std::option::Option::Some("STAGED"),
                Self::AwaitingUserActivation => {
                    std::option::Option::Some("AWAITING_USER_ACTIVATION")
                }
                Self::Deleted => std::option::Option::Some("DELETED"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for State {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for State {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for State {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::Enabled,
                2 => Self::Disabled,
                3 => Self::Staged,
                4 => Self::AwaitingUserActivation,
                5 => Self::Deleted,
                _ => Self::UnknownValue(state::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for State {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "STATE_UNSPECIFIED" => Self::Unspecified,
                "ENABLED" => Self::Enabled,
                "DISABLED" => Self::Disabled,
                "STAGED" => Self::Staged,
                "AWAITING_USER_ACTIVATION" => Self::AwaitingUserActivation,
                "DELETED" => Self::Deleted,
                _ => Self::UnknownValue(state::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for State {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::Enabled => serializer.serialize_i32(1),
                Self::Disabled => serializer.serialize_i32(2),
                Self::Staged => serializer.serialize_i32(3),
                Self::AwaitingUserActivation => serializer.serialize_i32(4),
                Self::Deleted => serializer.serialize_i32(5),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for State {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<State>::new(
                ".google.cloud.security.privateca.v1.CertificateAuthority.State",
            ))
        }
    }

    /// The algorithm of a Cloud KMS CryptoKeyVersion of a
    /// [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
    /// [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
    /// `ASYMMETRIC_SIGN`. These values correspond to the
    /// [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
    /// values. For RSA signing algorithms, the PSS algorithms should be preferred,
    /// use PKCS1 algorithms if required for compatibility. For further
    /// recommendations, see
    /// <https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations>.
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum SignHashAlgorithm {
        /// Not specified.
        Unspecified,
        /// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
        RsaPss2048Sha256,
        /// maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
        RsaPss3072Sha256,
        /// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
        RsaPss4096Sha256,
        /// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
        RsaPkcs12048Sha256,
        /// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
        RsaPkcs13072Sha256,
        /// maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
        RsaPkcs14096Sha256,
        /// maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
        EcP256Sha256,
        /// maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
        EcP384Sha384,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [SignHashAlgorithm::value] or
        /// [SignHashAlgorithm::name].
        UnknownValue(sign_hash_algorithm::UnknownValue),
    }

    #[doc(hidden)]
    pub mod sign_hash_algorithm {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl SignHashAlgorithm {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::RsaPss2048Sha256 => std::option::Option::Some(1),
                Self::RsaPss3072Sha256 => std::option::Option::Some(2),
                Self::RsaPss4096Sha256 => std::option::Option::Some(3),
                Self::RsaPkcs12048Sha256 => std::option::Option::Some(6),
                Self::RsaPkcs13072Sha256 => std::option::Option::Some(7),
                Self::RsaPkcs14096Sha256 => std::option::Option::Some(8),
                Self::EcP256Sha256 => std::option::Option::Some(4),
                Self::EcP384Sha384 => std::option::Option::Some(5),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("SIGN_HASH_ALGORITHM_UNSPECIFIED"),
                Self::RsaPss2048Sha256 => std::option::Option::Some("RSA_PSS_2048_SHA256"),
                Self::RsaPss3072Sha256 => std::option::Option::Some("RSA_PSS_3072_SHA256"),
                Self::RsaPss4096Sha256 => std::option::Option::Some("RSA_PSS_4096_SHA256"),
                Self::RsaPkcs12048Sha256 => std::option::Option::Some("RSA_PKCS1_2048_SHA256"),
                Self::RsaPkcs13072Sha256 => std::option::Option::Some("RSA_PKCS1_3072_SHA256"),
                Self::RsaPkcs14096Sha256 => std::option::Option::Some("RSA_PKCS1_4096_SHA256"),
                Self::EcP256Sha256 => std::option::Option::Some("EC_P256_SHA256"),
                Self::EcP384Sha384 => std::option::Option::Some("EC_P384_SHA384"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for SignHashAlgorithm {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for SignHashAlgorithm {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for SignHashAlgorithm {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::RsaPss2048Sha256,
                2 => Self::RsaPss3072Sha256,
                3 => Self::RsaPss4096Sha256,
                4 => Self::EcP256Sha256,
                5 => Self::EcP384Sha384,
                6 => Self::RsaPkcs12048Sha256,
                7 => Self::RsaPkcs13072Sha256,
                8 => Self::RsaPkcs14096Sha256,
                _ => Self::UnknownValue(sign_hash_algorithm::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for SignHashAlgorithm {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "SIGN_HASH_ALGORITHM_UNSPECIFIED" => Self::Unspecified,
                "RSA_PSS_2048_SHA256" => Self::RsaPss2048Sha256,
                "RSA_PSS_3072_SHA256" => Self::RsaPss3072Sha256,
                "RSA_PSS_4096_SHA256" => Self::RsaPss4096Sha256,
                "RSA_PKCS1_2048_SHA256" => Self::RsaPkcs12048Sha256,
                "RSA_PKCS1_3072_SHA256" => Self::RsaPkcs13072Sha256,
                "RSA_PKCS1_4096_SHA256" => Self::RsaPkcs14096Sha256,
                "EC_P256_SHA256" => Self::EcP256Sha256,
                "EC_P384_SHA384" => Self::EcP384Sha384,
                _ => Self::UnknownValue(sign_hash_algorithm::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for SignHashAlgorithm {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::RsaPss2048Sha256 => serializer.serialize_i32(1),
                Self::RsaPss3072Sha256 => serializer.serialize_i32(2),
                Self::RsaPss4096Sha256 => serializer.serialize_i32(3),
                Self::RsaPkcs12048Sha256 => serializer.serialize_i32(6),
                Self::RsaPkcs13072Sha256 => serializer.serialize_i32(7),
                Self::RsaPkcs14096Sha256 => serializer.serialize_i32(8),
                Self::EcP256Sha256 => serializer.serialize_i32(4),
                Self::EcP384Sha384 => serializer.serialize_i32(5),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for SignHashAlgorithm {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<SignHashAlgorithm>::new(
                ".google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm",
            ))
        }
    }
}

/// A [CaPool][google.cloud.security.privateca.v1.CaPool] represents a group of
/// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
/// that form a trust anchor. A
/// [CaPool][google.cloud.security.privateca.v1.CaPool] can be used to manage
/// issuance policies for one or more
/// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
/// resources and to rotate CA certificates in and out of the trust anchor.
///
/// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
/// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CaPool {
    /// Identifier. The resource name for this
    /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
    /// `projects/*/locations/*/caPools/*`.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    pub name: std::string::String,

    /// Required. Immutable. The
    /// [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
    /// [CaPool][google.cloud.security.privateca.v1.CaPool].
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.CaPool.Tier]: crate::model::ca_pool::Tier
    pub tier: crate::model::ca_pool::Tier,

    /// Optional. The
    /// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
    /// to control how
    /// [Certificates][google.cloud.security.privateca.v1.Certificate] will be
    /// issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy]: crate::model::ca_pool::IssuancePolicy
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub issuance_policy: std::option::Option<crate::model::ca_pool::IssuancePolicy>,

    /// Optional. The
    /// [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions]
    /// to follow when issuing
    /// [Certificates][google.cloud.security.privateca.v1.Certificate] from any
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// in this [CaPool][google.cloud.security.privateca.v1.CaPool].
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.CaPool.PublishingOptions]: crate::model::ca_pool::PublishingOptions
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub publishing_options: std::option::Option<crate::model::ca_pool::PublishingOptions>,

    /// Optional. Labels with user-defined metadata.
    pub labels: std::collections::HashMap<std::string::String, std::string::String>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CaPool {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::CaPool::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [tier][crate::model::CaPool::tier].
    pub fn set_tier<T: std::convert::Into<crate::model::ca_pool::Tier>>(mut self, v: T) -> Self {
        self.tier = v.into();
        self
    }

    /// Sets the value of [issuance_policy][crate::model::CaPool::issuance_policy].
    pub fn set_issuance_policy<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::ca_pool::IssuancePolicy>,
    {
        self.issuance_policy = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [issuance_policy][crate::model::CaPool::issuance_policy].
    pub fn set_or_clear_issuance_policy<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::ca_pool::IssuancePolicy>,
    {
        self.issuance_policy = v.map(|x| x.into());
        self
    }

    /// Sets the value of [publishing_options][crate::model::CaPool::publishing_options].
    pub fn set_publishing_options<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::ca_pool::PublishingOptions>,
    {
        self.publishing_options = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [publishing_options][crate::model::CaPool::publishing_options].
    pub fn set_or_clear_publishing_options<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::ca_pool::PublishingOptions>,
    {
        self.publishing_options = v.map(|x| x.into());
        self
    }

    /// Sets the value of [labels][crate::model::CaPool::labels].
    pub fn set_labels<T, K, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = (K, V)>,
        K: std::convert::Into<std::string::String>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.labels = v.into_iter().map(|(k, v)| (k.into(), v.into())).collect();
        self
    }
}

impl wkt::message::Message for CaPool {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.CaPool"
    }
}

/// Defines additional types related to [CaPool].
pub mod ca_pool {
    #[allow(unused_imports)]
    use super::*;

    /// Options relating to the publication of each
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
    /// CA certificate and CRLs and their inclusion as extensions in issued
    /// [Certificates][google.cloud.security.privateca.v1.Certificate]. The options
    /// set here apply to certificates issued by any
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// in the [CaPool][google.cloud.security.privateca.v1.CaPool].
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct PublishingOptions {
        /// Optional. When true, publishes each
        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
        /// CA certificate and includes its URL in the "Authority Information Access"
        /// X.509 extension in all issued
        /// [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
        /// is false, the CA certificate will not be published and the corresponding
        /// X.509 extension will not be written in issued certificates.
        ///
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
        pub publish_ca_cert: bool,

        /// Optional. When true, publishes each
        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
        /// CRL and includes its URL in the "CRL Distribution Points" X.509 extension
        /// in all issued
        /// [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
        /// is false, CRLs will not be published and the corresponding X.509
        /// extension will not be written in issued certificates. CRLs will expire 7
        /// days from their creation. However, we will rebuild daily. CRLs are also
        /// rebuilt shortly after a certificate is revoked.
        ///
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
        pub publish_crl: bool,

        /// Optional. Specifies the encoding format of each
        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
        /// resource's CA certificate and CRLs. If this is omitted, CA certificates
        /// and CRLs will be published in PEM.
        ///
        /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
        pub encoding_format: crate::model::ca_pool::publishing_options::EncodingFormat,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl PublishingOptions {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [publish_ca_cert][crate::model::ca_pool::PublishingOptions::publish_ca_cert].
        pub fn set_publish_ca_cert<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.publish_ca_cert = v.into();
            self
        }

        /// Sets the value of [publish_crl][crate::model::ca_pool::PublishingOptions::publish_crl].
        pub fn set_publish_crl<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.publish_crl = v.into();
            self
        }

        /// Sets the value of [encoding_format][crate::model::ca_pool::PublishingOptions::encoding_format].
        pub fn set_encoding_format<
            T: std::convert::Into<crate::model::ca_pool::publishing_options::EncodingFormat>,
        >(
            mut self,
            v: T,
        ) -> Self {
            self.encoding_format = v.into();
            self
        }
    }

    impl wkt::message::Message for PublishingOptions {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.CaPool.PublishingOptions"
        }
    }

    /// Defines additional types related to [PublishingOptions].
    pub mod publishing_options {
        #[allow(unused_imports)]
        use super::*;

        /// Supported encoding formats for publishing.
        ///
        /// # Working with unknown values
        ///
        /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
        /// additional enum variants at any time. Adding new variants is not considered
        /// a breaking change. Applications should write their code in anticipation of:
        ///
        /// - New values appearing in future releases of the client library, **and**
        /// - New values received dynamically, without application changes.
        ///
        /// Please consult the [Working with enums] section in the user guide for some
        /// guidelines.
        ///
        /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
        #[derive(Clone, Debug, PartialEq)]
        #[non_exhaustive]
        pub enum EncodingFormat {
            /// Not specified. By default, PEM format will be used.
            Unspecified,
            /// The
            /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
            /// CA certificate and CRLs will be published in PEM format.
            ///
            /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
            Pem,
            /// The
            /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
            /// CA certificate and CRLs will be published in DER format.
            ///
            /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
            Der,
            /// If set, the enum was initialized with an unknown value.
            ///
            /// Applications can examine the value using [EncodingFormat::value] or
            /// [EncodingFormat::name].
            UnknownValue(encoding_format::UnknownValue),
        }

        #[doc(hidden)]
        pub mod encoding_format {
            #[allow(unused_imports)]
            use super::*;
            #[derive(Clone, Debug, PartialEq)]
            pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
        }

        impl EncodingFormat {
            /// Gets the enum value.
            ///
            /// Returns `None` if the enum contains an unknown value deserialized from
            /// the string representation of enums.
            pub fn value(&self) -> std::option::Option<i32> {
                match self {
                    Self::Unspecified => std::option::Option::Some(0),
                    Self::Pem => std::option::Option::Some(1),
                    Self::Der => std::option::Option::Some(2),
                    Self::UnknownValue(u) => u.0.value(),
                }
            }

            /// Gets the enum value as a string.
            ///
            /// Returns `None` if the enum contains an unknown value deserialized from
            /// the integer representation of enums.
            pub fn name(&self) -> std::option::Option<&str> {
                match self {
                    Self::Unspecified => std::option::Option::Some("ENCODING_FORMAT_UNSPECIFIED"),
                    Self::Pem => std::option::Option::Some("PEM"),
                    Self::Der => std::option::Option::Some("DER"),
                    Self::UnknownValue(u) => u.0.name(),
                }
            }
        }

        impl std::default::Default for EncodingFormat {
            fn default() -> Self {
                use std::convert::From;
                Self::from(0)
            }
        }

        impl std::fmt::Display for EncodingFormat {
            fn fmt(
                &self,
                f: &mut std::fmt::Formatter<'_>,
            ) -> std::result::Result<(), std::fmt::Error> {
                wkt::internal::display_enum(f, self.name(), self.value())
            }
        }

        impl std::convert::From<i32> for EncodingFormat {
            fn from(value: i32) -> Self {
                match value {
                    0 => Self::Unspecified,
                    1 => Self::Pem,
                    2 => Self::Der,
                    _ => Self::UnknownValue(encoding_format::UnknownValue(
                        wkt::internal::UnknownEnumValue::Integer(value),
                    )),
                }
            }
        }

        impl std::convert::From<&str> for EncodingFormat {
            fn from(value: &str) -> Self {
                use std::string::ToString;
                match value {
                    "ENCODING_FORMAT_UNSPECIFIED" => Self::Unspecified,
                    "PEM" => Self::Pem,
                    "DER" => Self::Der,
                    _ => Self::UnknownValue(encoding_format::UnknownValue(
                        wkt::internal::UnknownEnumValue::String(value.to_string()),
                    )),
                }
            }
        }

        impl serde::ser::Serialize for EncodingFormat {
            fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
            where
                S: serde::Serializer,
            {
                match self {
                    Self::Unspecified => serializer.serialize_i32(0),
                    Self::Pem => serializer.serialize_i32(1),
                    Self::Der => serializer.serialize_i32(2),
                    Self::UnknownValue(u) => u.0.serialize(serializer),
                }
            }
        }

        impl<'de> serde::de::Deserialize<'de> for EncodingFormat {
            fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
            where
                D: serde::Deserializer<'de>,
            {
                deserializer.deserialize_any(wkt::internal::EnumVisitor::<EncodingFormat>::new(
                    ".google.cloud.security.privateca.v1.CaPool.PublishingOptions.EncodingFormat",
                ))
            }
        }
    }

    /// Defines controls over all certificate issuance within a
    /// [CaPool][google.cloud.security.privateca.v1.CaPool].
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct IssuancePolicy {
        /// Optional. If any
        /// [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
        /// is specified, then the certificate request's public key must match one of
        /// the key types listed here. Otherwise, any key may be used.
        ///
        /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]: crate::model::ca_pool::issuance_policy::AllowedKeyType
        pub allowed_key_types:
            std::vec::Vec<crate::model::ca_pool::issuance_policy::AllowedKeyType>,

        /// Optional. The duration to backdate all certificates issued from this
        /// [CaPool][google.cloud.security.privateca.v1.CaPool]. If not set, the
        /// certificates will be issued with a not_before_time of the issuance time
        /// (i.e. the current time). If set, the certificates will be issued with a
        /// not_before_time of the issuance time minus the backdate_duration. The
        /// not_after_time will be adjusted to preserve the requested lifetime. The
        /// backdate_duration must be less than or equal to 48 hours.
        ///
        /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
        pub backdate_duration: std::option::Option<wkt::Duration>,

        /// Optional. The maximum lifetime allowed for issued
        /// [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
        /// if the issuing
        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
        /// expires before a
        /// [Certificate][google.cloud.security.privateca.v1.Certificate] resource's
        /// requested maximum_lifetime, the effective lifetime will be explicitly
        /// truncated to match it.
        ///
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
        pub maximum_lifetime: std::option::Option<wkt::Duration>,

        /// Optional. If specified, then only methods allowed in the
        /// [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
        /// may be used to issue
        /// [Certificates][google.cloud.security.privateca.v1.Certificate].
        ///
        /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]: crate::model::ca_pool::issuance_policy::IssuanceModes
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        pub allowed_issuance_modes:
            std::option::Option<crate::model::ca_pool::issuance_policy::IssuanceModes>,

        /// Optional. A set of X.509 values that will be applied to all certificates
        /// issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
        /// If a certificate request includes conflicting values for the same
        /// properties, they will be overwritten by the values defined here. If a
        /// certificate request uses a
        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
        /// that defines conflicting
        /// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
        /// for the same properties, the certificate issuance request will fail.
        ///
        /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
        /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
        /// [google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]: crate::model::CertificateTemplate::predefined_values
        pub baseline_values: std::option::Option<crate::model::X509Parameters>,

        /// Optional. Describes constraints on identities that may appear in
        /// [Certificates][google.cloud.security.privateca.v1.Certificate] issued
        /// through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this
        /// is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool]
        /// will not add restrictions on a certificate's identity.
        ///
        /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        pub identity_constraints: std::option::Option<crate::model::CertificateIdentityConstraints>,

        /// Optional. Describes the set of X.509 extensions that may appear in a
        /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued
        /// through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a
        /// certificate request sets extensions that don't appear in the
        /// [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
        /// those extensions will be dropped. If a certificate request uses a
        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
        /// with
        /// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
        /// that don't appear here, the certificate issuance request will fail. If
        /// this is omitted, then this
        /// [CaPool][google.cloud.security.privateca.v1.CaPool] will not add
        /// restrictions on a certificate's X.509 extensions. These constraints do
        /// not apply to X.509 extensions set in this
        /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
        /// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
        ///
        /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
        /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]: crate::model::ca_pool::IssuancePolicy::baseline_values
        /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions]: crate::model::ca_pool::IssuancePolicy::passthrough_extensions
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
        /// [google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]: crate::model::CertificateTemplate::predefined_values
        pub passthrough_extensions:
            std::option::Option<crate::model::CertificateExtensionConstraints>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl IssuancePolicy {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [allowed_key_types][crate::model::ca_pool::IssuancePolicy::allowed_key_types].
        pub fn set_allowed_key_types<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<crate::model::ca_pool::issuance_policy::AllowedKeyType>,
        {
            use std::iter::Iterator;
            self.allowed_key_types = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [backdate_duration][crate::model::ca_pool::IssuancePolicy::backdate_duration].
        pub fn set_backdate_duration<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<wkt::Duration>,
        {
            self.backdate_duration = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [backdate_duration][crate::model::ca_pool::IssuancePolicy::backdate_duration].
        pub fn set_or_clear_backdate_duration<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<wkt::Duration>,
        {
            self.backdate_duration = v.map(|x| x.into());
            self
        }

        /// Sets the value of [maximum_lifetime][crate::model::ca_pool::IssuancePolicy::maximum_lifetime].
        pub fn set_maximum_lifetime<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<wkt::Duration>,
        {
            self.maximum_lifetime = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [maximum_lifetime][crate::model::ca_pool::IssuancePolicy::maximum_lifetime].
        pub fn set_or_clear_maximum_lifetime<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<wkt::Duration>,
        {
            self.maximum_lifetime = v.map(|x| x.into());
            self
        }

        /// Sets the value of [allowed_issuance_modes][crate::model::ca_pool::IssuancePolicy::allowed_issuance_modes].
        pub fn set_allowed_issuance_modes<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<crate::model::ca_pool::issuance_policy::IssuanceModes>,
        {
            self.allowed_issuance_modes = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [allowed_issuance_modes][crate::model::ca_pool::IssuancePolicy::allowed_issuance_modes].
        pub fn set_or_clear_allowed_issuance_modes<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<crate::model::ca_pool::issuance_policy::IssuanceModes>,
        {
            self.allowed_issuance_modes = v.map(|x| x.into());
            self
        }

        /// Sets the value of [baseline_values][crate::model::ca_pool::IssuancePolicy::baseline_values].
        pub fn set_baseline_values<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<crate::model::X509Parameters>,
        {
            self.baseline_values = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [baseline_values][crate::model::ca_pool::IssuancePolicy::baseline_values].
        pub fn set_or_clear_baseline_values<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<crate::model::X509Parameters>,
        {
            self.baseline_values = v.map(|x| x.into());
            self
        }

        /// Sets the value of [identity_constraints][crate::model::ca_pool::IssuancePolicy::identity_constraints].
        pub fn set_identity_constraints<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<crate::model::CertificateIdentityConstraints>,
        {
            self.identity_constraints = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [identity_constraints][crate::model::ca_pool::IssuancePolicy::identity_constraints].
        pub fn set_or_clear_identity_constraints<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<crate::model::CertificateIdentityConstraints>,
        {
            self.identity_constraints = v.map(|x| x.into());
            self
        }

        /// Sets the value of [passthrough_extensions][crate::model::ca_pool::IssuancePolicy::passthrough_extensions].
        pub fn set_passthrough_extensions<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<crate::model::CertificateExtensionConstraints>,
        {
            self.passthrough_extensions = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [passthrough_extensions][crate::model::ca_pool::IssuancePolicy::passthrough_extensions].
        pub fn set_or_clear_passthrough_extensions<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<crate::model::CertificateExtensionConstraints>,
        {
            self.passthrough_extensions = v.map(|x| x.into());
            self
        }
    }

    impl wkt::message::Message for IssuancePolicy {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.CaPool.IssuancePolicy"
        }
    }

    /// Defines additional types related to [IssuancePolicy].
    pub mod issuance_policy {
        #[allow(unused_imports)]
        use super::*;

        /// Describes a "type" of key that may be used in a
        /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued from
        /// a [CaPool][google.cloud.security.privateca.v1.CaPool]. Note that a single
        /// [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
        /// may refer to either a fully-qualified key algorithm, such as RSA 4096, or
        /// a family of key algorithms, such as any RSA key.
        ///
        /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
        /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]: crate::model::ca_pool::issuance_policy::AllowedKeyType
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        #[derive(Clone, Default, PartialEq)]
        #[non_exhaustive]
        pub struct AllowedKeyType {
            pub key_type: std::option::Option<
                crate::model::ca_pool::issuance_policy::allowed_key_type::KeyType,
            >,

            pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
        }

        impl AllowedKeyType {
            pub fn new() -> Self {
                std::default::Default::default()
            }

            /// Sets the value of [key_type][crate::model::ca_pool::issuance_policy::AllowedKeyType::key_type].
            ///
            /// Note that all the setters affecting `key_type` are mutually
            /// exclusive.
            pub fn set_key_type<
                T: std::convert::Into<
                        std::option::Option<
                            crate::model::ca_pool::issuance_policy::allowed_key_type::KeyType,
                        >,
                    >,
            >(
                mut self,
                v: T,
            ) -> Self {
                self.key_type = v.into();
                self
            }

            /// The value of [key_type][crate::model::ca_pool::issuance_policy::AllowedKeyType::key_type]
            /// if it holds a `Rsa`, `None` if the field is not set or
            /// holds a different branch.
            pub fn rsa(
                &self,
            ) -> std::option::Option<
                &std::boxed::Box<
                    crate::model::ca_pool::issuance_policy::allowed_key_type::RsaKeyType,
                >,
            > {
                #[allow(unreachable_patterns)]
                self.key_type.as_ref().and_then(|v| match v {
                    crate::model::ca_pool::issuance_policy::allowed_key_type::KeyType::Rsa(v) => {
                        std::option::Option::Some(v)
                    }
                    _ => std::option::Option::None,
                })
            }

            /// Sets the value of [key_type][crate::model::ca_pool::issuance_policy::AllowedKeyType::key_type]
            /// to hold a `Rsa`.
            ///
            /// Note that all the setters affecting `key_type` are
            /// mutually exclusive.
            pub fn set_rsa<
                T: std::convert::Into<
                        std::boxed::Box<
                            crate::model::ca_pool::issuance_policy::allowed_key_type::RsaKeyType,
                        >,
                    >,
            >(
                mut self,
                v: T,
            ) -> Self {
                self.key_type = std::option::Option::Some(
                    crate::model::ca_pool::issuance_policy::allowed_key_type::KeyType::Rsa(
                        v.into(),
                    ),
                );
                self
            }

            /// The value of [key_type][crate::model::ca_pool::issuance_policy::AllowedKeyType::key_type]
            /// if it holds a `EllipticCurve`, `None` if the field is not set or
            /// holds a different branch.
            pub fn elliptic_curve(
                &self,
            ) -> std::option::Option<
                &std::boxed::Box<
                    crate::model::ca_pool::issuance_policy::allowed_key_type::EcKeyType,
                >,
            > {
                #[allow(unreachable_patterns)]
                self.key_type.as_ref().and_then(|v| match v {
                    crate::model::ca_pool::issuance_policy::allowed_key_type::KeyType::EllipticCurve(v) => std::option::Option::Some(v),
                    _ => std::option::Option::None,
                })
            }

            /// Sets the value of [key_type][crate::model::ca_pool::issuance_policy::AllowedKeyType::key_type]
            /// to hold a `EllipticCurve`.
            ///
            /// Note that all the setters affecting `key_type` are
            /// mutually exclusive.
            pub fn set_elliptic_curve<
                T: std::convert::Into<
                        std::boxed::Box<
                            crate::model::ca_pool::issuance_policy::allowed_key_type::EcKeyType,
                        >,
                    >,
            >(
                mut self,
                v: T,
            ) -> Self {
                self.key_type = std::option::Option::Some(
                    crate::model::ca_pool::issuance_policy::allowed_key_type::KeyType::EllipticCurve(
                        v.into()
                    )
                );
                self
            }
        }

        impl wkt::message::Message for AllowedKeyType {
            fn typename() -> &'static str {
                "type.googleapis.com/google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType"
            }
        }

        /// Defines additional types related to [AllowedKeyType].
        pub mod allowed_key_type {
            #[allow(unused_imports)]
            use super::*;

            /// Describes an RSA key that may be used in a
            /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued
            /// from a [CaPool][google.cloud.security.privateca.v1.CaPool].
            ///
            /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
            /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
            #[derive(Clone, Default, PartialEq)]
            #[non_exhaustive]
            pub struct RsaKeyType {
                /// Optional. The minimum allowed RSA modulus size (inclusive), in bits.
                /// If this is not set, or if set to zero, the service-level min RSA
                /// modulus size will continue to apply.
                pub min_modulus_size: i64,

                /// Optional. The maximum allowed RSA modulus size (inclusive), in bits.
                /// If this is not set, or if set to zero, the service will not enforce
                /// an explicit upper bound on RSA modulus sizes.
                pub max_modulus_size: i64,

                pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
            }

            impl RsaKeyType {
                pub fn new() -> Self {
                    std::default::Default::default()
                }

                /// Sets the value of [min_modulus_size][crate::model::ca_pool::issuance_policy::allowed_key_type::RsaKeyType::min_modulus_size].
                pub fn set_min_modulus_size<T: std::convert::Into<i64>>(mut self, v: T) -> Self {
                    self.min_modulus_size = v.into();
                    self
                }

                /// Sets the value of [max_modulus_size][crate::model::ca_pool::issuance_policy::allowed_key_type::RsaKeyType::max_modulus_size].
                pub fn set_max_modulus_size<T: std::convert::Into<i64>>(mut self, v: T) -> Self {
                    self.max_modulus_size = v.into();
                    self
                }
            }

            impl wkt::message::Message for RsaKeyType {
                fn typename() -> &'static str {
                    "type.googleapis.com/google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType"
                }
            }

            /// Describes an Elliptic Curve key that may be used in a
            /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued
            /// from a [CaPool][google.cloud.security.privateca.v1.CaPool].
            ///
            /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
            /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
            #[derive(Clone, Default, PartialEq)]
            #[non_exhaustive]
            pub struct EcKeyType {

                /// Optional. A signature algorithm that must be used. If this is
                /// omitted, any EC-based signature algorithm will be allowed.
                pub signature_algorithm: crate::model::ca_pool::issuance_policy::allowed_key_type::ec_key_type::EcSignatureAlgorithm,

                pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
            }

            impl EcKeyType {
                pub fn new() -> Self {
                    std::default::Default::default()
                }

                /// Sets the value of [signature_algorithm][crate::model::ca_pool::issuance_policy::allowed_key_type::EcKeyType::signature_algorithm].
                pub fn set_signature_algorithm<T: std::convert::Into<crate::model::ca_pool::issuance_policy::allowed_key_type::ec_key_type::EcSignatureAlgorithm>>(mut self, v: T) -> Self{
                    self.signature_algorithm = v.into();
                    self
                }
            }

            impl wkt::message::Message for EcKeyType {
                fn typename() -> &'static str {
                    "type.googleapis.com/google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType"
                }
            }

            /// Defines additional types related to [EcKeyType].
            pub mod ec_key_type {
                #[allow(unused_imports)]
                use super::*;

                /// Describes an elliptic curve-based signature algorithm that may be
                /// used in a
                /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued
                /// from a [CaPool][google.cloud.security.privateca.v1.CaPool].
                ///
                /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
                /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
                ///
                /// # Working with unknown values
                ///
                /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
                /// additional enum variants at any time. Adding new variants is not considered
                /// a breaking change. Applications should write their code in anticipation of:
                ///
                /// - New values appearing in future releases of the client library, **and**
                /// - New values received dynamically, without application changes.
                ///
                /// Please consult the [Working with enums] section in the user guide for some
                /// guidelines.
                ///
                /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
                #[derive(Clone, Debug, PartialEq)]
                #[non_exhaustive]
                pub enum EcSignatureAlgorithm {
                    /// Not specified. Signifies that any signature algorithm may be used.
                    Unspecified,
                    /// Refers to the Elliptic Curve Digital Signature Algorithm over the
                    /// NIST P-256 curve.
                    EcdsaP256,
                    /// Refers to the Elliptic Curve Digital Signature Algorithm over the
                    /// NIST P-384 curve.
                    EcdsaP384,
                    /// Refers to the Edwards-curve Digital Signature Algorithm over curve
                    /// 25519, as described in RFC 8410.
                    Eddsa25519,
                    /// If set, the enum was initialized with an unknown value.
                    ///
                    /// Applications can examine the value using [EcSignatureAlgorithm::value] or
                    /// [EcSignatureAlgorithm::name].
                    UnknownValue(ec_signature_algorithm::UnknownValue),
                }

                #[doc(hidden)]
                pub mod ec_signature_algorithm {
                    #[allow(unused_imports)]
                    use super::*;
                    #[derive(Clone, Debug, PartialEq)]
                    pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
                }

                impl EcSignatureAlgorithm {
                    /// Gets the enum value.
                    ///
                    /// Returns `None` if the enum contains an unknown value deserialized from
                    /// the string representation of enums.
                    pub fn value(&self) -> std::option::Option<i32> {
                        match self {
                            Self::Unspecified => std::option::Option::Some(0),
                            Self::EcdsaP256 => std::option::Option::Some(1),
                            Self::EcdsaP384 => std::option::Option::Some(2),
                            Self::Eddsa25519 => std::option::Option::Some(3),
                            Self::UnknownValue(u) => u.0.value(),
                        }
                    }

                    /// Gets the enum value as a string.
                    ///
                    /// Returns `None` if the enum contains an unknown value deserialized from
                    /// the integer representation of enums.
                    pub fn name(&self) -> std::option::Option<&str> {
                        match self {
                            Self::Unspecified => {
                                std::option::Option::Some("EC_SIGNATURE_ALGORITHM_UNSPECIFIED")
                            }
                            Self::EcdsaP256 => std::option::Option::Some("ECDSA_P256"),
                            Self::EcdsaP384 => std::option::Option::Some("ECDSA_P384"),
                            Self::Eddsa25519 => std::option::Option::Some("EDDSA_25519"),
                            Self::UnknownValue(u) => u.0.name(),
                        }
                    }
                }

                impl std::default::Default for EcSignatureAlgorithm {
                    fn default() -> Self {
                        use std::convert::From;
                        Self::from(0)
                    }
                }

                impl std::fmt::Display for EcSignatureAlgorithm {
                    fn fmt(
                        &self,
                        f: &mut std::fmt::Formatter<'_>,
                    ) -> std::result::Result<(), std::fmt::Error> {
                        wkt::internal::display_enum(f, self.name(), self.value())
                    }
                }

                impl std::convert::From<i32> for EcSignatureAlgorithm {
                    fn from(value: i32) -> Self {
                        match value {
                            0 => Self::Unspecified,
                            1 => Self::EcdsaP256,
                            2 => Self::EcdsaP384,
                            3 => Self::Eddsa25519,
                            _ => Self::UnknownValue(ec_signature_algorithm::UnknownValue(
                                wkt::internal::UnknownEnumValue::Integer(value),
                            )),
                        }
                    }
                }

                impl std::convert::From<&str> for EcSignatureAlgorithm {
                    fn from(value: &str) -> Self {
                        use std::string::ToString;
                        match value {
                            "EC_SIGNATURE_ALGORITHM_UNSPECIFIED" => Self::Unspecified,
                            "ECDSA_P256" => Self::EcdsaP256,
                            "ECDSA_P384" => Self::EcdsaP384,
                            "EDDSA_25519" => Self::Eddsa25519,
                            _ => Self::UnknownValue(ec_signature_algorithm::UnknownValue(
                                wkt::internal::UnknownEnumValue::String(value.to_string()),
                            )),
                        }
                    }
                }

                impl serde::ser::Serialize for EcSignatureAlgorithm {
                    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
                    where
                        S: serde::Serializer,
                    {
                        match self {
                            Self::Unspecified => serializer.serialize_i32(0),
                            Self::EcdsaP256 => serializer.serialize_i32(1),
                            Self::EcdsaP384 => serializer.serialize_i32(2),
                            Self::Eddsa25519 => serializer.serialize_i32(3),
                            Self::UnknownValue(u) => u.0.serialize(serializer),
                        }
                    }
                }

                impl<'de> serde::de::Deserialize<'de> for EcSignatureAlgorithm {
                    fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
                    where
                        D: serde::Deserializer<'de>,
                    {
                        deserializer.deserialize_any(wkt::internal::EnumVisitor::<EcSignatureAlgorithm>::new(
                            ".google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm"))
                    }
                }
            }

            #[derive(Clone, Debug, PartialEq)]
            #[non_exhaustive]
            pub enum KeyType {
                /// Represents an allowed RSA key type.
                Rsa(
                    std::boxed::Box<
                        crate::model::ca_pool::issuance_policy::allowed_key_type::RsaKeyType,
                    >,
                ),
                /// Represents an allowed Elliptic Curve key type.
                EllipticCurve(
                    std::boxed::Box<
                        crate::model::ca_pool::issuance_policy::allowed_key_type::EcKeyType,
                    >,
                ),
            }
        }

        /// [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
        /// specifies the allowed ways in which
        /// [Certificates][google.cloud.security.privateca.v1.Certificate] may be
        /// requested from this [CaPool][google.cloud.security.privateca.v1.CaPool].
        ///
        /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
        /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]: crate::model::ca_pool::issuance_policy::IssuanceModes
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        #[derive(Clone, Default, PartialEq)]
        #[non_exhaustive]
        pub struct IssuanceModes {
            /// Optional. When true, allows callers to create
            /// [Certificates][google.cloud.security.privateca.v1.Certificate] by
            /// specifying a CSR.
            ///
            /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
            pub allow_csr_based_issuance: bool,

            /// Optional. When true, allows callers to create
            /// [Certificates][google.cloud.security.privateca.v1.Certificate] by
            /// specifying a
            /// [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
            ///
            /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
            /// [google.cloud.security.privateca.v1.CertificateConfig]: crate::model::CertificateConfig
            pub allow_config_based_issuance: bool,

            pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
        }

        impl IssuanceModes {
            pub fn new() -> Self {
                std::default::Default::default()
            }

            /// Sets the value of [allow_csr_based_issuance][crate::model::ca_pool::issuance_policy::IssuanceModes::allow_csr_based_issuance].
            pub fn set_allow_csr_based_issuance<T: std::convert::Into<bool>>(
                mut self,
                v: T,
            ) -> Self {
                self.allow_csr_based_issuance = v.into();
                self
            }

            /// Sets the value of [allow_config_based_issuance][crate::model::ca_pool::issuance_policy::IssuanceModes::allow_config_based_issuance].
            pub fn set_allow_config_based_issuance<T: std::convert::Into<bool>>(
                mut self,
                v: T,
            ) -> Self {
                self.allow_config_based_issuance = v.into();
                self
            }
        }

        impl wkt::message::Message for IssuanceModes {
            fn typename() -> &'static str {
                "type.googleapis.com/google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes"
            }
        }
    }

    /// The tier of a [CaPool][google.cloud.security.privateca.v1.CaPool],
    /// indicating its supported functionality and/or billing SKU.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum Tier {
        /// Not specified.
        Unspecified,
        /// Enterprise tier.
        Enterprise,
        /// DevOps tier.
        Devops,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [Tier::value] or
        /// [Tier::name].
        UnknownValue(tier::UnknownValue),
    }

    #[doc(hidden)]
    pub mod tier {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl Tier {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::Enterprise => std::option::Option::Some(1),
                Self::Devops => std::option::Option::Some(2),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("TIER_UNSPECIFIED"),
                Self::Enterprise => std::option::Option::Some("ENTERPRISE"),
                Self::Devops => std::option::Option::Some("DEVOPS"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for Tier {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for Tier {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for Tier {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::Enterprise,
                2 => Self::Devops,
                _ => Self::UnknownValue(tier::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for Tier {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "TIER_UNSPECIFIED" => Self::Unspecified,
                "ENTERPRISE" => Self::Enterprise,
                "DEVOPS" => Self::Devops,
                _ => Self::UnknownValue(tier::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for Tier {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::Enterprise => serializer.serialize_i32(1),
                Self::Devops => serializer.serialize_i32(2),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for Tier {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<Tier>::new(
                ".google.cloud.security.privateca.v1.CaPool.Tier",
            ))
        }
    }
}

/// A
/// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
/// corresponds to a signed X.509 certificate Revocation List (CRL). A CRL
/// contains the serial numbers of certificates that should no longer be trusted.
///
/// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CertificateRevocationList {
    /// Identifier. The resource name for this
    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
    /// in the format `projects/*/locations/*/caPools/*certificateAuthorities/*/
    /// certificateRevocationLists/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
    pub name: std::string::String,

    /// Output only. The CRL sequence number that appears in pem_crl.
    pub sequence_number: i64,

    /// Output only. The revoked serial numbers that appear in pem_crl.
    pub revoked_certificates:
        std::vec::Vec<crate::model::certificate_revocation_list::RevokedCertificate>,

    /// Output only. The PEM-encoded X.509 CRL.
    pub pem_crl: std::string::String,

    /// Output only. The location where 'pem_crl' can be accessed.
    pub access_url: std::string::String,

    /// Output only. The
    /// [State][google.cloud.security.privateca.v1.CertificateRevocationList.State]
    /// for this
    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
    ///
    /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
    /// [google.cloud.security.privateca.v1.CertificateRevocationList.State]: crate::model::certificate_revocation_list::State
    pub state: crate::model::certificate_revocation_list::State,

    /// Output only. The time at which this
    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
    /// was created.
    ///
    /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
    pub create_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time at which this
    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
    /// was updated.
    ///
    /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
    pub update_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The revision ID of this
    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
    /// A new revision is committed whenever a new CRL is published. The format is
    /// an 8-character hexadecimal string.
    ///
    /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
    pub revision_id: std::string::String,

    /// Optional. Labels with user-defined metadata.
    pub labels: std::collections::HashMap<std::string::String, std::string::String>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CertificateRevocationList {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::CertificateRevocationList::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [sequence_number][crate::model::CertificateRevocationList::sequence_number].
    pub fn set_sequence_number<T: std::convert::Into<i64>>(mut self, v: T) -> Self {
        self.sequence_number = v.into();
        self
    }

    /// Sets the value of [revoked_certificates][crate::model::CertificateRevocationList::revoked_certificates].
    pub fn set_revoked_certificates<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::certificate_revocation_list::RevokedCertificate>,
    {
        use std::iter::Iterator;
        self.revoked_certificates = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [pem_crl][crate::model::CertificateRevocationList::pem_crl].
    pub fn set_pem_crl<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.pem_crl = v.into();
        self
    }

    /// Sets the value of [access_url][crate::model::CertificateRevocationList::access_url].
    pub fn set_access_url<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.access_url = v.into();
        self
    }

    /// Sets the value of [state][crate::model::CertificateRevocationList::state].
    pub fn set_state<T: std::convert::Into<crate::model::certificate_revocation_list::State>>(
        mut self,
        v: T,
    ) -> Self {
        self.state = v.into();
        self
    }

    /// Sets the value of [create_time][crate::model::CertificateRevocationList::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::CertificateRevocationList::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_time][crate::model::CertificateRevocationList::update_time].
    pub fn set_update_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_time][crate::model::CertificateRevocationList::update_time].
    pub fn set_or_clear_update_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [revision_id][crate::model::CertificateRevocationList::revision_id].
    pub fn set_revision_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.revision_id = v.into();
        self
    }

    /// Sets the value of [labels][crate::model::CertificateRevocationList::labels].
    pub fn set_labels<T, K, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = (K, V)>,
        K: std::convert::Into<std::string::String>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.labels = v.into_iter().map(|(k, v)| (k.into(), v.into())).collect();
        self
    }
}

impl wkt::message::Message for CertificateRevocationList {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.CertificateRevocationList"
    }
}

/// Defines additional types related to [CertificateRevocationList].
pub mod certificate_revocation_list {
    #[allow(unused_imports)]
    use super::*;

    /// Describes a revoked
    /// [Certificate][google.cloud.security.privateca.v1.Certificate].
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct RevokedCertificate {
        /// The resource name for the
        /// [Certificate][google.cloud.security.privateca.v1.Certificate] in the
        /// format `projects/*/locations/*/caPools/*/certificates/*`.
        ///
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        pub certificate: std::string::String,

        /// The serial number of the
        /// [Certificate][google.cloud.security.privateca.v1.Certificate].
        ///
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        pub hex_serial_number: std::string::String,

        /// The reason the
        /// [Certificate][google.cloud.security.privateca.v1.Certificate] was
        /// revoked.
        ///
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        pub revocation_reason: crate::model::RevocationReason,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl RevokedCertificate {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [certificate][crate::model::certificate_revocation_list::RevokedCertificate::certificate].
        pub fn set_certificate<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
            self.certificate = v.into();
            self
        }

        /// Sets the value of [hex_serial_number][crate::model::certificate_revocation_list::RevokedCertificate::hex_serial_number].
        pub fn set_hex_serial_number<T: std::convert::Into<std::string::String>>(
            mut self,
            v: T,
        ) -> Self {
            self.hex_serial_number = v.into();
            self
        }

        /// Sets the value of [revocation_reason][crate::model::certificate_revocation_list::RevokedCertificate::revocation_reason].
        pub fn set_revocation_reason<T: std::convert::Into<crate::model::RevocationReason>>(
            mut self,
            v: T,
        ) -> Self {
            self.revocation_reason = v.into();
            self
        }
    }

    impl wkt::message::Message for RevokedCertificate {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate"
        }
    }

    /// The state of a
    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList],
    /// indicating if it is current.
    ///
    /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum State {
        /// Not specified.
        Unspecified,
        /// The
        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
        /// is up to date.
        ///
        /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
        Active,
        /// The
        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
        /// is no longer current.
        ///
        /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
        Superseded,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [State::value] or
        /// [State::name].
        UnknownValue(state::UnknownValue),
    }

    #[doc(hidden)]
    pub mod state {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl State {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::Active => std::option::Option::Some(1),
                Self::Superseded => std::option::Option::Some(2),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("STATE_UNSPECIFIED"),
                Self::Active => std::option::Option::Some("ACTIVE"),
                Self::Superseded => std::option::Option::Some("SUPERSEDED"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for State {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for State {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for State {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::Active,
                2 => Self::Superseded,
                _ => Self::UnknownValue(state::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for State {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "STATE_UNSPECIFIED" => Self::Unspecified,
                "ACTIVE" => Self::Active,
                "SUPERSEDED" => Self::Superseded,
                _ => Self::UnknownValue(state::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for State {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::Active => serializer.serialize_i32(1),
                Self::Superseded => serializer.serialize_i32(2),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for State {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<State>::new(
                ".google.cloud.security.privateca.v1.CertificateRevocationList.State",
            ))
        }
    }
}

/// A [Certificate][google.cloud.security.privateca.v1.Certificate] corresponds
/// to a signed X.509 certificate issued by a
/// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
///
/// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
/// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct Certificate {
    /// Identifier. The resource name for this
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
    /// `projects/*/locations/*/caPools/*/certificates/*`.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub name: std::string::String,

    /// Output only. The resource name of the issuing
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub issuer_certificate_authority: std::string::String,

    /// Required. Immutable. The desired lifetime of a certificate. Used to create
    /// the "not_before_time" and "not_after_time" fields inside an X.509
    /// certificate. Note that the lifetime may be truncated if it would extend
    /// past the life of any certificate authority in the issuing chain.
    pub lifetime: std::option::Option<wkt::Duration>,

    /// Immutable. The resource name for a
    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    /// used to issue this certificate, in the format
    /// `projects/*/locations/*/certificateTemplates/*`.
    /// If this is specified, the caller must have the necessary permission to
    /// use this template. If this is omitted, no template will be used.
    /// This template must be in the same location as the
    /// [Certificate][google.cloud.security.privateca.v1.Certificate].
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    pub certificate_template: std::string::String,

    /// Immutable. Specifies how the
    /// [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity
    /// fields are to be decided. If this is omitted, the `DEFAULT` subject mode
    /// will be used.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub subject_mode: crate::model::SubjectRequestMode,

    /// Output only. Details regarding the revocation of this
    /// [Certificate][google.cloud.security.privateca.v1.Certificate]. This
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] is considered
    /// revoked if and only if this field is present.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub revocation_details: std::option::Option<crate::model::certificate::RevocationDetails>,

    /// Output only. The pem-encoded, signed X.509 certificate.
    pub pem_certificate: std::string::String,

    /// Output only. A structured description of the issued X.509 certificate.
    pub certificate_description: std::option::Option<crate::model::CertificateDescription>,

    /// Output only. The chain that may be used to verify the X.509 certificate.
    /// Expected to be in issuer-to-root order according to RFC 5246.
    pub pem_certificate_chain: std::vec::Vec<std::string::String>,

    /// Output only. The time at which this
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub create_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time at which this
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub update_time: std::option::Option<wkt::Timestamp>,

    /// Optional. Labels with user-defined metadata.
    pub labels: std::collections::HashMap<std::string::String, std::string::String>,

    /// The config used to create a signed X.509 certificate.
    pub certificate_config: std::option::Option<crate::model::certificate::CertificateConfig>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl Certificate {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::Certificate::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [issuer_certificate_authority][crate::model::Certificate::issuer_certificate_authority].
    pub fn set_issuer_certificate_authority<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.issuer_certificate_authority = v.into();
        self
    }

    /// Sets the value of [lifetime][crate::model::Certificate::lifetime].
    pub fn set_lifetime<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Duration>,
    {
        self.lifetime = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [lifetime][crate::model::Certificate::lifetime].
    pub fn set_or_clear_lifetime<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Duration>,
    {
        self.lifetime = v.map(|x| x.into());
        self
    }

    /// Sets the value of [certificate_template][crate::model::Certificate::certificate_template].
    pub fn set_certificate_template<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.certificate_template = v.into();
        self
    }

    /// Sets the value of [subject_mode][crate::model::Certificate::subject_mode].
    pub fn set_subject_mode<T: std::convert::Into<crate::model::SubjectRequestMode>>(
        mut self,
        v: T,
    ) -> Self {
        self.subject_mode = v.into();
        self
    }

    /// Sets the value of [revocation_details][crate::model::Certificate::revocation_details].
    pub fn set_revocation_details<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::certificate::RevocationDetails>,
    {
        self.revocation_details = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [revocation_details][crate::model::Certificate::revocation_details].
    pub fn set_or_clear_revocation_details<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::certificate::RevocationDetails>,
    {
        self.revocation_details = v.map(|x| x.into());
        self
    }

    /// Sets the value of [pem_certificate][crate::model::Certificate::pem_certificate].
    pub fn set_pem_certificate<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.pem_certificate = v.into();
        self
    }

    /// Sets the value of [certificate_description][crate::model::Certificate::certificate_description].
    pub fn set_certificate_description<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CertificateDescription>,
    {
        self.certificate_description = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [certificate_description][crate::model::Certificate::certificate_description].
    pub fn set_or_clear_certificate_description<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CertificateDescription>,
    {
        self.certificate_description = v.map(|x| x.into());
        self
    }

    /// Sets the value of [pem_certificate_chain][crate::model::Certificate::pem_certificate_chain].
    pub fn set_pem_certificate_chain<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.pem_certificate_chain = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [create_time][crate::model::Certificate::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::Certificate::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_time][crate::model::Certificate::update_time].
    pub fn set_update_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_time][crate::model::Certificate::update_time].
    pub fn set_or_clear_update_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [labels][crate::model::Certificate::labels].
    pub fn set_labels<T, K, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = (K, V)>,
        K: std::convert::Into<std::string::String>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.labels = v.into_iter().map(|(k, v)| (k.into(), v.into())).collect();
        self
    }

    /// Sets the value of [certificate_config][crate::model::Certificate::certificate_config].
    ///
    /// Note that all the setters affecting `certificate_config` are mutually
    /// exclusive.
    pub fn set_certificate_config<
        T: std::convert::Into<std::option::Option<crate::model::certificate::CertificateConfig>>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.certificate_config = v.into();
        self
    }

    /// The value of [certificate_config][crate::model::Certificate::certificate_config]
    /// if it holds a `PemCsr`, `None` if the field is not set or
    /// holds a different branch.
    pub fn pem_csr(&self) -> std::option::Option<&std::string::String> {
        #[allow(unreachable_patterns)]
        self.certificate_config.as_ref().and_then(|v| match v {
            crate::model::certificate::CertificateConfig::PemCsr(v) => std::option::Option::Some(v),
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [certificate_config][crate::model::Certificate::certificate_config]
    /// to hold a `PemCsr`.
    ///
    /// Note that all the setters affecting `certificate_config` are
    /// mutually exclusive.
    pub fn set_pem_csr<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.certificate_config = std::option::Option::Some(
            crate::model::certificate::CertificateConfig::PemCsr(v.into()),
        );
        self
    }

    /// The value of [certificate_config][crate::model::Certificate::certificate_config]
    /// if it holds a `Config`, `None` if the field is not set or
    /// holds a different branch.
    pub fn config(&self) -> std::option::Option<&std::boxed::Box<crate::model::CertificateConfig>> {
        #[allow(unreachable_patterns)]
        self.certificate_config.as_ref().and_then(|v| match v {
            crate::model::certificate::CertificateConfig::Config(v) => std::option::Option::Some(v),
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [certificate_config][crate::model::Certificate::certificate_config]
    /// to hold a `Config`.
    ///
    /// Note that all the setters affecting `certificate_config` are
    /// mutually exclusive.
    pub fn set_config<T: std::convert::Into<std::boxed::Box<crate::model::CertificateConfig>>>(
        mut self,
        v: T,
    ) -> Self {
        self.certificate_config = std::option::Option::Some(
            crate::model::certificate::CertificateConfig::Config(v.into()),
        );
        self
    }
}

impl wkt::message::Message for Certificate {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.Certificate"
    }
}

/// Defines additional types related to [Certificate].
pub mod certificate {
    #[allow(unused_imports)]
    use super::*;

    /// Describes fields that are relavent to the revocation of a
    /// [Certificate][google.cloud.security.privateca.v1.Certificate].
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct RevocationDetails {
        /// Indicates why a
        /// [Certificate][google.cloud.security.privateca.v1.Certificate] was
        /// revoked.
        ///
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        pub revocation_state: crate::model::RevocationReason,

        /// The time at which this
        /// [Certificate][google.cloud.security.privateca.v1.Certificate] was
        /// revoked.
        ///
        /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
        pub revocation_time: std::option::Option<wkt::Timestamp>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl RevocationDetails {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [revocation_state][crate::model::certificate::RevocationDetails::revocation_state].
        pub fn set_revocation_state<T: std::convert::Into<crate::model::RevocationReason>>(
            mut self,
            v: T,
        ) -> Self {
            self.revocation_state = v.into();
            self
        }

        /// Sets the value of [revocation_time][crate::model::certificate::RevocationDetails::revocation_time].
        pub fn set_revocation_time<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<wkt::Timestamp>,
        {
            self.revocation_time = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [revocation_time][crate::model::certificate::RevocationDetails::revocation_time].
        pub fn set_or_clear_revocation_time<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<wkt::Timestamp>,
        {
            self.revocation_time = v.map(|x| x.into());
            self
        }
    }

    impl wkt::message::Message for RevocationDetails {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.Certificate.RevocationDetails"
        }
    }

    /// The config used to create a signed X.509 certificate.
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum CertificateConfig {
        /// Immutable. A pem-encoded X.509 certificate signing request (CSR).
        PemCsr(std::string::String),
        /// Immutable. A description of the certificate and key that does not require
        /// X.509 or ASN.1.
        Config(std::boxed::Box<crate::model::CertificateConfig>),
    }
}

/// A
/// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
/// refers to a managed template for certificate issuance.
///
/// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CertificateTemplate {
    /// Identifier. The resource name for this
    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    /// in the format `projects/*/locations/*/certificateTemplates/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    pub name: std::string::String,

    /// Optional. The maximum lifetime allowed for issued
    /// [Certificates][google.cloud.security.privateca.v1.Certificate] that use
    /// this template. If the issuing
    /// [CaPool][google.cloud.security.privateca.v1.CaPool] resource's
    /// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
    /// specifies a
    /// [maximum_lifetime][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.maximum_lifetime]
    /// the minimum of the two durations will be the maximum lifetime for issued
    /// [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
    /// if the issuing
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// expires before a
    /// [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested
    /// maximum_lifetime, the effective lifetime will be explicitly truncated
    /// to match it.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy]: crate::model::ca_pool::IssuancePolicy
    /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy.maximum_lifetime]: crate::model::ca_pool::IssuancePolicy::maximum_lifetime
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub maximum_lifetime: std::option::Option<wkt::Duration>,

    /// Optional. A set of X.509 values that will be applied to all issued
    /// certificates that use this template. If the certificate request includes
    /// conflicting values for the same properties, they will be overwritten by the
    /// values defined here. If the issuing
    /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
    /// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
    /// defines conflicting
    /// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
    /// for the same properties, the certificate issuance request will fail.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy]: crate::model::ca_pool::IssuancePolicy
    /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]: crate::model::ca_pool::IssuancePolicy::baseline_values
    pub predefined_values: std::option::Option<crate::model::X509Parameters>,

    /// Optional. Describes constraints on identities that may be appear in
    /// [Certificates][google.cloud.security.privateca.v1.Certificate] issued using
    /// this template. If this is omitted, then this template will not add
    /// restrictions on a certificate's identity.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub identity_constraints: std::option::Option<crate::model::CertificateIdentityConstraints>,

    /// Optional. Describes the set of X.509 extensions that may appear in a
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued using
    /// this
    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
    /// If a certificate request sets extensions that don't appear in the
    /// [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions],
    /// those extensions will be dropped. If the issuing
    /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
    /// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
    /// defines
    /// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
    /// that don't appear here, the certificate issuance request will fail. If this
    /// is omitted, then this template will not add restrictions on a certificate's
    /// X.509 extensions. These constraints do not apply to X.509 extensions set in
    /// this
    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s
    /// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy]: crate::model::ca_pool::IssuancePolicy
    /// [google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]: crate::model::ca_pool::IssuancePolicy::baseline_values
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    /// [google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions]: crate::model::CertificateTemplate::passthrough_extensions
    /// [google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]: crate::model::CertificateTemplate::predefined_values
    pub passthrough_extensions: std::option::Option<crate::model::CertificateExtensionConstraints>,

    /// Optional. A human-readable description of scenarios this template is
    /// intended for.
    pub description: std::string::String,

    /// Output only. The time at which this
    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    /// was created.
    ///
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    pub create_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time at which this
    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    /// was updated.
    ///
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    pub update_time: std::option::Option<wkt::Timestamp>,

    /// Optional. Labels with user-defined metadata.
    pub labels: std::collections::HashMap<std::string::String, std::string::String>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CertificateTemplate {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::CertificateTemplate::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [maximum_lifetime][crate::model::CertificateTemplate::maximum_lifetime].
    pub fn set_maximum_lifetime<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Duration>,
    {
        self.maximum_lifetime = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [maximum_lifetime][crate::model::CertificateTemplate::maximum_lifetime].
    pub fn set_or_clear_maximum_lifetime<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Duration>,
    {
        self.maximum_lifetime = v.map(|x| x.into());
        self
    }

    /// Sets the value of [predefined_values][crate::model::CertificateTemplate::predefined_values].
    pub fn set_predefined_values<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::X509Parameters>,
    {
        self.predefined_values = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [predefined_values][crate::model::CertificateTemplate::predefined_values].
    pub fn set_or_clear_predefined_values<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::X509Parameters>,
    {
        self.predefined_values = v.map(|x| x.into());
        self
    }

    /// Sets the value of [identity_constraints][crate::model::CertificateTemplate::identity_constraints].
    pub fn set_identity_constraints<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CertificateIdentityConstraints>,
    {
        self.identity_constraints = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [identity_constraints][crate::model::CertificateTemplate::identity_constraints].
    pub fn set_or_clear_identity_constraints<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CertificateIdentityConstraints>,
    {
        self.identity_constraints = v.map(|x| x.into());
        self
    }

    /// Sets the value of [passthrough_extensions][crate::model::CertificateTemplate::passthrough_extensions].
    pub fn set_passthrough_extensions<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CertificateExtensionConstraints>,
    {
        self.passthrough_extensions = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [passthrough_extensions][crate::model::CertificateTemplate::passthrough_extensions].
    pub fn set_or_clear_passthrough_extensions<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CertificateExtensionConstraints>,
    {
        self.passthrough_extensions = v.map(|x| x.into());
        self
    }

    /// Sets the value of [description][crate::model::CertificateTemplate::description].
    pub fn set_description<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.description = v.into();
        self
    }

    /// Sets the value of [create_time][crate::model::CertificateTemplate::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::CertificateTemplate::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_time][crate::model::CertificateTemplate::update_time].
    pub fn set_update_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_time][crate::model::CertificateTemplate::update_time].
    pub fn set_or_clear_update_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.update_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [labels][crate::model::CertificateTemplate::labels].
    pub fn set_labels<T, K, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = (K, V)>,
        K: std::convert::Into<std::string::String>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.labels = v.into_iter().map(|(k, v)| (k.into(), v.into())).collect();
        self
    }
}

impl wkt::message::Message for CertificateTemplate {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.CertificateTemplate"
    }
}

/// An [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] is
/// used to describe certain fields of an X.509 certificate, such as the key
/// usage fields, fields specific to CA certificates, certificate policy
/// extensions and custom extensions.
///
/// [google.cloud.security.privateca.v1.X509Parameters]: crate::model::X509Parameters
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct X509Parameters {
    /// Optional. Indicates the intended use for keys that correspond to a
    /// certificate.
    pub key_usage: std::option::Option<crate::model::KeyUsage>,

    /// Optional. Describes options in this
    /// [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that
    /// are relevant in a CA certificate. If not specified, a default basic
    /// constraints extension with `is_ca=false` will be added for leaf
    /// certificates.
    ///
    /// [google.cloud.security.privateca.v1.X509Parameters]: crate::model::X509Parameters
    pub ca_options: std::option::Option<crate::model::x_509_parameters::CaOptions>,

    /// Optional. Describes the X.509 certificate policy object identifiers, per
    /// <https://tools.ietf.org/html/rfc5280#section-4.2.1.4>.
    pub policy_ids: std::vec::Vec<crate::model::ObjectId>,

    /// Optional. Describes Online Certificate Status Protocol (OCSP) endpoint
    /// addresses that appear in the "Authority Information Access" extension in
    /// the certificate.
    pub aia_ocsp_servers: std::vec::Vec<std::string::String>,

    /// Optional. Describes the X.509 name constraints extension.
    pub name_constraints: std::option::Option<crate::model::x_509_parameters::NameConstraints>,

    /// Optional. Describes custom X.509 extensions.
    pub additional_extensions: std::vec::Vec<crate::model::X509Extension>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl X509Parameters {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [key_usage][crate::model::X509Parameters::key_usage].
    pub fn set_key_usage<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::KeyUsage>,
    {
        self.key_usage = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [key_usage][crate::model::X509Parameters::key_usage].
    pub fn set_or_clear_key_usage<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::KeyUsage>,
    {
        self.key_usage = v.map(|x| x.into());
        self
    }

    /// Sets the value of [ca_options][crate::model::X509Parameters::ca_options].
    pub fn set_ca_options<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::x_509_parameters::CaOptions>,
    {
        self.ca_options = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [ca_options][crate::model::X509Parameters::ca_options].
    pub fn set_or_clear_ca_options<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::x_509_parameters::CaOptions>,
    {
        self.ca_options = v.map(|x| x.into());
        self
    }

    /// Sets the value of [policy_ids][crate::model::X509Parameters::policy_ids].
    pub fn set_policy_ids<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::ObjectId>,
    {
        use std::iter::Iterator;
        self.policy_ids = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [aia_ocsp_servers][crate::model::X509Parameters::aia_ocsp_servers].
    pub fn set_aia_ocsp_servers<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.aia_ocsp_servers = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [name_constraints][crate::model::X509Parameters::name_constraints].
    pub fn set_name_constraints<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::x_509_parameters::NameConstraints>,
    {
        self.name_constraints = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [name_constraints][crate::model::X509Parameters::name_constraints].
    pub fn set_or_clear_name_constraints<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::x_509_parameters::NameConstraints>,
    {
        self.name_constraints = v.map(|x| x.into());
        self
    }

    /// Sets the value of [additional_extensions][crate::model::X509Parameters::additional_extensions].
    pub fn set_additional_extensions<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::X509Extension>,
    {
        use std::iter::Iterator;
        self.additional_extensions = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for X509Parameters {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.X509Parameters"
    }
}

/// Defines additional types related to [X509Parameters].
pub mod x_509_parameters {
    #[allow(unused_imports)]
    use super::*;

    /// Describes the X.509 basic constraints extension, per [RFC 5280
    /// section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9)
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct CaOptions {
        /// Optional. Refers to the "CA" boolean field in the X.509 extension.
        /// When this value is missing, the basic constraints extension will be
        /// omitted from the certificate.
        pub is_ca: std::option::Option<bool>,

        /// Optional. Refers to the path length constraint field in the X.509
        /// extension. For a CA certificate, this value describes the depth of
        /// subordinate CA certificates that are allowed. If this value is less than
        /// 0, the request will fail. If this value is missing, the max path length
        /// will be omitted from the certificate.
        pub max_issuer_path_length: std::option::Option<i32>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl CaOptions {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [is_ca][crate::model::x_509_parameters::CaOptions::is_ca].
        pub fn set_is_ca<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<bool>,
        {
            self.is_ca = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [is_ca][crate::model::x_509_parameters::CaOptions::is_ca].
        pub fn set_or_clear_is_ca<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<bool>,
        {
            self.is_ca = v.map(|x| x.into());
            self
        }

        /// Sets the value of [max_issuer_path_length][crate::model::x_509_parameters::CaOptions::max_issuer_path_length].
        pub fn set_max_issuer_path_length<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<i32>,
        {
            self.max_issuer_path_length = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [max_issuer_path_length][crate::model::x_509_parameters::CaOptions::max_issuer_path_length].
        pub fn set_or_clear_max_issuer_path_length<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<i32>,
        {
            self.max_issuer_path_length = v.map(|x| x.into());
            self
        }
    }

    impl wkt::message::Message for CaOptions {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.X509Parameters.CaOptions"
        }
    }

    /// Describes the X.509 name constraints extension, per
    /// <https://tools.ietf.org/html/rfc5280#section-4.2.1.10>
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct NameConstraints {
        /// Indicates whether or not the name constraints are marked critical.
        pub critical: bool,

        /// Contains permitted DNS names. Any DNS name that can be
        /// constructed by simply adding zero or more labels to
        /// the left-hand side of the name satisfies the name constraint.
        /// For example, `example.com`, `www.example.com`, `www.sub.example.com`
        /// would satisfy `example.com` while `example1.com` does not.
        pub permitted_dns_names: std::vec::Vec<std::string::String>,

        /// Contains excluded DNS names. Any DNS name that can be
        /// constructed by simply adding zero or more labels to
        /// the left-hand side of the name satisfies the name constraint.
        /// For example, `example.com`, `www.example.com`, `www.sub.example.com`
        /// would satisfy `example.com` while `example1.com` does not.
        pub excluded_dns_names: std::vec::Vec<std::string::String>,

        /// Contains the permitted IP ranges. For IPv4 addresses, the ranges
        /// are expressed using CIDR notation as specified in RFC 4632.
        /// For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
        /// addresses.
        pub permitted_ip_ranges: std::vec::Vec<std::string::String>,

        /// Contains the excluded IP ranges. For IPv4 addresses, the ranges
        /// are expressed using CIDR notation as specified in RFC 4632.
        /// For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
        /// addresses.
        pub excluded_ip_ranges: std::vec::Vec<std::string::String>,

        /// Contains the permitted email addresses. The value can be a particular
        /// email address, a hostname to indicate all email addresses on that host or
        /// a domain with a leading period (e.g. `.example.com`) to indicate
        /// all email addresses in that domain.
        pub permitted_email_addresses: std::vec::Vec<std::string::String>,

        /// Contains the excluded email addresses. The value can be a particular
        /// email address, a hostname to indicate all email addresses on that host or
        /// a domain with a leading period (e.g. `.example.com`) to indicate
        /// all email addresses in that domain.
        pub excluded_email_addresses: std::vec::Vec<std::string::String>,

        /// Contains the permitted URIs that apply to the host part of the name.
        /// The value can be a hostname or a domain with a
        /// leading period (like `.example.com`)
        pub permitted_uris: std::vec::Vec<std::string::String>,

        /// Contains the excluded URIs that apply to the host part of the name.
        /// The value can be a hostname or a domain with a
        /// leading period (like `.example.com`)
        pub excluded_uris: std::vec::Vec<std::string::String>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl NameConstraints {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [critical][crate::model::x_509_parameters::NameConstraints::critical].
        pub fn set_critical<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.critical = v.into();
            self
        }

        /// Sets the value of [permitted_dns_names][crate::model::x_509_parameters::NameConstraints::permitted_dns_names].
        pub fn set_permitted_dns_names<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.permitted_dns_names = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [excluded_dns_names][crate::model::x_509_parameters::NameConstraints::excluded_dns_names].
        pub fn set_excluded_dns_names<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.excluded_dns_names = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [permitted_ip_ranges][crate::model::x_509_parameters::NameConstraints::permitted_ip_ranges].
        pub fn set_permitted_ip_ranges<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.permitted_ip_ranges = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [excluded_ip_ranges][crate::model::x_509_parameters::NameConstraints::excluded_ip_ranges].
        pub fn set_excluded_ip_ranges<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.excluded_ip_ranges = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [permitted_email_addresses][crate::model::x_509_parameters::NameConstraints::permitted_email_addresses].
        pub fn set_permitted_email_addresses<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.permitted_email_addresses = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [excluded_email_addresses][crate::model::x_509_parameters::NameConstraints::excluded_email_addresses].
        pub fn set_excluded_email_addresses<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.excluded_email_addresses = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [permitted_uris][crate::model::x_509_parameters::NameConstraints::permitted_uris].
        pub fn set_permitted_uris<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.permitted_uris = v.into_iter().map(|i| i.into()).collect();
            self
        }

        /// Sets the value of [excluded_uris][crate::model::x_509_parameters::NameConstraints::excluded_uris].
        pub fn set_excluded_uris<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.excluded_uris = v.into_iter().map(|i| i.into()).collect();
            self
        }
    }

    impl wkt::message::Message for NameConstraints {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.X509Parameters.NameConstraints"
        }
    }
}

/// Describes a subordinate CA's issuers. This is either a resource name to a
/// known issuing
/// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
/// or a PEM issuer certificate chain.
///
/// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct SubordinateConfig {
    pub subordinate_config:
        std::option::Option<crate::model::subordinate_config::SubordinateConfig>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl SubordinateConfig {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [subordinate_config][crate::model::SubordinateConfig::subordinate_config].
    ///
    /// Note that all the setters affecting `subordinate_config` are mutually
    /// exclusive.
    pub fn set_subordinate_config<
        T: std::convert::Into<
                std::option::Option<crate::model::subordinate_config::SubordinateConfig>,
            >,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.subordinate_config = v.into();
        self
    }

    /// The value of [subordinate_config][crate::model::SubordinateConfig::subordinate_config]
    /// if it holds a `CertificateAuthority`, `None` if the field is not set or
    /// holds a different branch.
    pub fn certificate_authority(&self) -> std::option::Option<&std::string::String> {
        #[allow(unreachable_patterns)]
        self.subordinate_config.as_ref().and_then(|v| match v {
            crate::model::subordinate_config::SubordinateConfig::CertificateAuthority(v) => {
                std::option::Option::Some(v)
            }
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [subordinate_config][crate::model::SubordinateConfig::subordinate_config]
    /// to hold a `CertificateAuthority`.
    ///
    /// Note that all the setters affecting `subordinate_config` are
    /// mutually exclusive.
    pub fn set_certificate_authority<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.subordinate_config = std::option::Option::Some(
            crate::model::subordinate_config::SubordinateConfig::CertificateAuthority(v.into()),
        );
        self
    }

    /// The value of [subordinate_config][crate::model::SubordinateConfig::subordinate_config]
    /// if it holds a `PemIssuerChain`, `None` if the field is not set or
    /// holds a different branch.
    pub fn pem_issuer_chain(
        &self,
    ) -> std::option::Option<
        &std::boxed::Box<crate::model::subordinate_config::SubordinateConfigChain>,
    > {
        #[allow(unreachable_patterns)]
        self.subordinate_config.as_ref().and_then(|v| match v {
            crate::model::subordinate_config::SubordinateConfig::PemIssuerChain(v) => {
                std::option::Option::Some(v)
            }
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [subordinate_config][crate::model::SubordinateConfig::subordinate_config]
    /// to hold a `PemIssuerChain`.
    ///
    /// Note that all the setters affecting `subordinate_config` are
    /// mutually exclusive.
    pub fn set_pem_issuer_chain<
        T: std::convert::Into<
                std::boxed::Box<crate::model::subordinate_config::SubordinateConfigChain>,
            >,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.subordinate_config = std::option::Option::Some(
            crate::model::subordinate_config::SubordinateConfig::PemIssuerChain(v.into()),
        );
        self
    }
}

impl wkt::message::Message for SubordinateConfig {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.SubordinateConfig"
    }
}

/// Defines additional types related to [SubordinateConfig].
pub mod subordinate_config {
    #[allow(unused_imports)]
    use super::*;

    /// This message describes a subordinate CA's issuer certificate chain. This
    /// wrapper exists for compatibility reasons.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct SubordinateConfigChain {
        /// Required. Expected to be in leaf-to-root order according to RFC 5246.
        pub pem_certificates: std::vec::Vec<std::string::String>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl SubordinateConfigChain {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [pem_certificates][crate::model::subordinate_config::SubordinateConfigChain::pem_certificates].
        pub fn set_pem_certificates<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.pem_certificates = v.into_iter().map(|i| i.into()).collect();
            self
        }
    }

    impl wkt::message::Message for SubordinateConfigChain {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain"
        }
    }

    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum SubordinateConfig {
        /// Required. This can refer to a
        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
        /// that was used to create a subordinate
        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
        /// This field is used for information and usability purposes only. The
        /// resource name is in the format
        /// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
        ///
        /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
        CertificateAuthority(std::string::String),
        /// Required. Contains the PEM certificate chain for the issuers of this
        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
        /// but not pem certificate for this CA itself.
        ///
        /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
        PemIssuerChain(std::boxed::Box<crate::model::subordinate_config::SubordinateConfigChain>),
    }
}

/// A [PublicKey][google.cloud.security.privateca.v1.PublicKey] describes a
/// public key.
///
/// [google.cloud.security.privateca.v1.PublicKey]: crate::model::PublicKey
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct PublicKey {
    /// Required. A public key. The padding and encoding
    /// must match with the `KeyFormat` value specified for the `format` field.
    pub key: ::bytes::Bytes,

    /// Required. The format of the public key.
    pub format: crate::model::public_key::KeyFormat,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl PublicKey {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [key][crate::model::PublicKey::key].
    pub fn set_key<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.key = v.into();
        self
    }

    /// Sets the value of [format][crate::model::PublicKey::format].
    pub fn set_format<T: std::convert::Into<crate::model::public_key::KeyFormat>>(
        mut self,
        v: T,
    ) -> Self {
        self.format = v.into();
        self
    }
}

impl wkt::message::Message for PublicKey {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.PublicKey"
    }
}

/// Defines additional types related to [PublicKey].
pub mod public_key {
    #[allow(unused_imports)]
    use super::*;

    /// Types of public keys formats that are supported. Currently, only `PEM`
    /// format is supported.
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum KeyFormat {
        /// Default unspecified value.
        Unspecified,
        /// The key is PEM-encoded as defined in [RFC
        /// 7468](https://tools.ietf.org/html/rfc7468). It can be any of the
        /// following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
        /// structure, an RFC 5280
        /// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
        /// or a PEM-encoded X.509 certificate signing request (CSR). If a
        /// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
        /// is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
        /// or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified,
        /// it will used solely for the purpose of extracting the public key. When
        /// generated by the service, it will always be an RFC 5280
        /// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
        /// structure containing an algorithm identifier and a key.
        Pem,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [KeyFormat::value] or
        /// [KeyFormat::name].
        UnknownValue(key_format::UnknownValue),
    }

    #[doc(hidden)]
    pub mod key_format {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl KeyFormat {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::Pem => std::option::Option::Some(1),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("KEY_FORMAT_UNSPECIFIED"),
                Self::Pem => std::option::Option::Some("PEM"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for KeyFormat {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for KeyFormat {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for KeyFormat {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::Pem,
                _ => Self::UnknownValue(key_format::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for KeyFormat {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "KEY_FORMAT_UNSPECIFIED" => Self::Unspecified,
                "PEM" => Self::Pem,
                _ => Self::UnknownValue(key_format::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for KeyFormat {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::Pem => serializer.serialize_i32(1),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for KeyFormat {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<KeyFormat>::new(
                ".google.cloud.security.privateca.v1.PublicKey.KeyFormat",
            ))
        }
    }
}

/// A [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig]
/// describes an X.509 certificate or CSR that is to be created, as an
/// alternative to using ASN.1.
///
/// [google.cloud.security.privateca.v1.CertificateConfig]: crate::model::CertificateConfig
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CertificateConfig {
    /// Required. Specifies some of the values in a certificate that are related to
    /// the subject.
    pub subject_config: std::option::Option<crate::model::certificate_config::SubjectConfig>,

    /// Required. Describes how some of the technical X.509 fields in a certificate
    /// should be populated.
    pub x509_config: std::option::Option<crate::model::X509Parameters>,

    /// Optional. The public key that corresponds to this config. This is, for
    /// example, used when issuing
    /// [Certificates][google.cloud.security.privateca.v1.Certificate], but not
    /// when creating a self-signed
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// or
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// CSR.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub public_key: std::option::Option<crate::model::PublicKey>,

    /// Optional. When specified this provides a custom SKI to be used in the
    /// certificate. This should only be used to maintain a SKI of an existing CA
    /// originally created outside CA service, which was not generated using method
    /// (1) described in RFC 5280 section 4.2.1.2.
    pub subject_key_id: std::option::Option<crate::model::certificate_config::KeyId>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CertificateConfig {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [subject_config][crate::model::CertificateConfig::subject_config].
    pub fn set_subject_config<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::certificate_config::SubjectConfig>,
    {
        self.subject_config = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [subject_config][crate::model::CertificateConfig::subject_config].
    pub fn set_or_clear_subject_config<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::certificate_config::SubjectConfig>,
    {
        self.subject_config = v.map(|x| x.into());
        self
    }

    /// Sets the value of [x509_config][crate::model::CertificateConfig::x509_config].
    pub fn set_x509_config<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::X509Parameters>,
    {
        self.x509_config = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [x509_config][crate::model::CertificateConfig::x509_config].
    pub fn set_or_clear_x509_config<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::X509Parameters>,
    {
        self.x509_config = v.map(|x| x.into());
        self
    }

    /// Sets the value of [public_key][crate::model::CertificateConfig::public_key].
    pub fn set_public_key<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::PublicKey>,
    {
        self.public_key = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [public_key][crate::model::CertificateConfig::public_key].
    pub fn set_or_clear_public_key<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::PublicKey>,
    {
        self.public_key = v.map(|x| x.into());
        self
    }

    /// Sets the value of [subject_key_id][crate::model::CertificateConfig::subject_key_id].
    pub fn set_subject_key_id<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::certificate_config::KeyId>,
    {
        self.subject_key_id = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [subject_key_id][crate::model::CertificateConfig::subject_key_id].
    pub fn set_or_clear_subject_key_id<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::certificate_config::KeyId>,
    {
        self.subject_key_id = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for CertificateConfig {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.CertificateConfig"
    }
}

/// Defines additional types related to [CertificateConfig].
pub mod certificate_config {
    #[allow(unused_imports)]
    use super::*;

    /// These values are used to create the distinguished name and subject
    /// alternative name fields in an X.509 certificate.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct SubjectConfig {
        /// Optional. Contains distinguished name fields such as the common name,
        /// location and organization.
        pub subject: std::option::Option<crate::model::Subject>,

        /// Optional. The subject alternative name fields.
        pub subject_alt_name: std::option::Option<crate::model::SubjectAltNames>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl SubjectConfig {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [subject][crate::model::certificate_config::SubjectConfig::subject].
        pub fn set_subject<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<crate::model::Subject>,
        {
            self.subject = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [subject][crate::model::certificate_config::SubjectConfig::subject].
        pub fn set_or_clear_subject<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<crate::model::Subject>,
        {
            self.subject = v.map(|x| x.into());
            self
        }

        /// Sets the value of [subject_alt_name][crate::model::certificate_config::SubjectConfig::subject_alt_name].
        pub fn set_subject_alt_name<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<crate::model::SubjectAltNames>,
        {
            self.subject_alt_name = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [subject_alt_name][crate::model::certificate_config::SubjectConfig::subject_alt_name].
        pub fn set_or_clear_subject_alt_name<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<crate::model::SubjectAltNames>,
        {
            self.subject_alt_name = v.map(|x| x.into());
            self
        }
    }

    impl wkt::message::Message for SubjectConfig {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig"
        }
    }

    /// A KeyId identifies a specific public key, usually by hashing the public
    /// key.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct KeyId {
        /// Required. The value of this KeyId encoded in lowercase hexadecimal. This
        /// is most likely the 160 bit SHA-1 hash of the public key.
        pub key_id: std::string::String,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl KeyId {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [key_id][crate::model::certificate_config::KeyId::key_id].
        pub fn set_key_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
            self.key_id = v.into();
            self
        }
    }

    impl wkt::message::Message for KeyId {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.CertificateConfig.KeyId"
        }
    }
}

/// A
/// [CertificateDescription][google.cloud.security.privateca.v1.CertificateDescription]
/// describes an X.509 certificate or CSR that has been issued, as an alternative
/// to using ASN.1 / X.509.
///
/// [google.cloud.security.privateca.v1.CertificateDescription]: crate::model::CertificateDescription
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CertificateDescription {
    /// Describes some of the values in a certificate that are related to the
    /// subject and lifetime.
    pub subject_description:
        std::option::Option<crate::model::certificate_description::SubjectDescription>,

    /// Describes some of the technical X.509 fields in a certificate.
    pub x509_description: std::option::Option<crate::model::X509Parameters>,

    /// The public key that corresponds to an issued certificate.
    pub public_key: std::option::Option<crate::model::PublicKey>,

    /// Provides a means of identifiying certificates that contain a particular
    /// public key, per <https://tools.ietf.org/html/rfc5280#section-4.2.1.2>.
    pub subject_key_id: std::option::Option<crate::model::certificate_description::KeyId>,

    /// Identifies the subject_key_id of the parent certificate, per
    /// <https://tools.ietf.org/html/rfc5280#section-4.2.1.1>
    pub authority_key_id: std::option::Option<crate::model::certificate_description::KeyId>,

    /// Describes a list of locations to obtain CRL information, i.e.
    /// the DistributionPoint.fullName described by
    /// <https://tools.ietf.org/html/rfc5280#section-4.2.1.13>
    pub crl_distribution_points: std::vec::Vec<std::string::String>,

    /// Describes lists of issuer CA certificate URLs that appear in the
    /// "Authority Information Access" extension in the certificate.
    pub aia_issuing_certificate_urls: std::vec::Vec<std::string::String>,

    /// The hash of the x.509 certificate.
    pub cert_fingerprint:
        std::option::Option<crate::model::certificate_description::CertificateFingerprint>,

    /// The hash of the pre-signed certificate, which will be signed by the CA.
    /// Corresponds to the TBS Certificate in
    /// <https://tools.ietf.org/html/rfc5280#section-4.1.2>. The field will always be
    /// populated.
    pub tbs_certificate_digest: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CertificateDescription {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [subject_description][crate::model::CertificateDescription::subject_description].
    pub fn set_subject_description<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::certificate_description::SubjectDescription>,
    {
        self.subject_description = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [subject_description][crate::model::CertificateDescription::subject_description].
    pub fn set_or_clear_subject_description<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::certificate_description::SubjectDescription>,
    {
        self.subject_description = v.map(|x| x.into());
        self
    }

    /// Sets the value of [x509_description][crate::model::CertificateDescription::x509_description].
    pub fn set_x509_description<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::X509Parameters>,
    {
        self.x509_description = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [x509_description][crate::model::CertificateDescription::x509_description].
    pub fn set_or_clear_x509_description<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::X509Parameters>,
    {
        self.x509_description = v.map(|x| x.into());
        self
    }

    /// Sets the value of [public_key][crate::model::CertificateDescription::public_key].
    pub fn set_public_key<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::PublicKey>,
    {
        self.public_key = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [public_key][crate::model::CertificateDescription::public_key].
    pub fn set_or_clear_public_key<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::PublicKey>,
    {
        self.public_key = v.map(|x| x.into());
        self
    }

    /// Sets the value of [subject_key_id][crate::model::CertificateDescription::subject_key_id].
    pub fn set_subject_key_id<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::certificate_description::KeyId>,
    {
        self.subject_key_id = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [subject_key_id][crate::model::CertificateDescription::subject_key_id].
    pub fn set_or_clear_subject_key_id<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::certificate_description::KeyId>,
    {
        self.subject_key_id = v.map(|x| x.into());
        self
    }

    /// Sets the value of [authority_key_id][crate::model::CertificateDescription::authority_key_id].
    pub fn set_authority_key_id<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::certificate_description::KeyId>,
    {
        self.authority_key_id = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [authority_key_id][crate::model::CertificateDescription::authority_key_id].
    pub fn set_or_clear_authority_key_id<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::certificate_description::KeyId>,
    {
        self.authority_key_id = v.map(|x| x.into());
        self
    }

    /// Sets the value of [crl_distribution_points][crate::model::CertificateDescription::crl_distribution_points].
    pub fn set_crl_distribution_points<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.crl_distribution_points = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [aia_issuing_certificate_urls][crate::model::CertificateDescription::aia_issuing_certificate_urls].
    pub fn set_aia_issuing_certificate_urls<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.aia_issuing_certificate_urls = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [cert_fingerprint][crate::model::CertificateDescription::cert_fingerprint].
    pub fn set_cert_fingerprint<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::certificate_description::CertificateFingerprint>,
    {
        self.cert_fingerprint = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [cert_fingerprint][crate::model::CertificateDescription::cert_fingerprint].
    pub fn set_or_clear_cert_fingerprint<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::certificate_description::CertificateFingerprint>,
    {
        self.cert_fingerprint = v.map(|x| x.into());
        self
    }

    /// Sets the value of [tbs_certificate_digest][crate::model::CertificateDescription::tbs_certificate_digest].
    pub fn set_tbs_certificate_digest<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.tbs_certificate_digest = v.into();
        self
    }
}

impl wkt::message::Message for CertificateDescription {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.CertificateDescription"
    }
}

/// Defines additional types related to [CertificateDescription].
pub mod certificate_description {
    #[allow(unused_imports)]
    use super::*;

    /// These values describe fields in an issued X.509 certificate such as the
    /// distinguished name, subject alternative names, serial number, and lifetime.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct SubjectDescription {
        /// Contains distinguished name fields such as the common name, location and
        /// / organization.
        pub subject: std::option::Option<crate::model::Subject>,

        /// The subject alternative name fields.
        pub subject_alt_name: std::option::Option<crate::model::SubjectAltNames>,

        /// The serial number encoded in lowercase hexadecimal.
        pub hex_serial_number: std::string::String,

        /// For convenience, the actual lifetime of an issued certificate.
        pub lifetime: std::option::Option<wkt::Duration>,

        /// The time at which the certificate becomes valid.
        pub not_before_time: std::option::Option<wkt::Timestamp>,

        /// The time after which the certificate is expired.
        /// Per RFC 5280, the validity period for a certificate is the period of time
        /// from not_before_time through not_after_time, inclusive.
        /// Corresponds to 'not_before_time' + 'lifetime' - 1 second.
        pub not_after_time: std::option::Option<wkt::Timestamp>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl SubjectDescription {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [subject][crate::model::certificate_description::SubjectDescription::subject].
        pub fn set_subject<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<crate::model::Subject>,
        {
            self.subject = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [subject][crate::model::certificate_description::SubjectDescription::subject].
        pub fn set_or_clear_subject<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<crate::model::Subject>,
        {
            self.subject = v.map(|x| x.into());
            self
        }

        /// Sets the value of [subject_alt_name][crate::model::certificate_description::SubjectDescription::subject_alt_name].
        pub fn set_subject_alt_name<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<crate::model::SubjectAltNames>,
        {
            self.subject_alt_name = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [subject_alt_name][crate::model::certificate_description::SubjectDescription::subject_alt_name].
        pub fn set_or_clear_subject_alt_name<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<crate::model::SubjectAltNames>,
        {
            self.subject_alt_name = v.map(|x| x.into());
            self
        }

        /// Sets the value of [hex_serial_number][crate::model::certificate_description::SubjectDescription::hex_serial_number].
        pub fn set_hex_serial_number<T: std::convert::Into<std::string::String>>(
            mut self,
            v: T,
        ) -> Self {
            self.hex_serial_number = v.into();
            self
        }

        /// Sets the value of [lifetime][crate::model::certificate_description::SubjectDescription::lifetime].
        pub fn set_lifetime<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<wkt::Duration>,
        {
            self.lifetime = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [lifetime][crate::model::certificate_description::SubjectDescription::lifetime].
        pub fn set_or_clear_lifetime<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<wkt::Duration>,
        {
            self.lifetime = v.map(|x| x.into());
            self
        }

        /// Sets the value of [not_before_time][crate::model::certificate_description::SubjectDescription::not_before_time].
        pub fn set_not_before_time<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<wkt::Timestamp>,
        {
            self.not_before_time = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [not_before_time][crate::model::certificate_description::SubjectDescription::not_before_time].
        pub fn set_or_clear_not_before_time<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<wkt::Timestamp>,
        {
            self.not_before_time = v.map(|x| x.into());
            self
        }

        /// Sets the value of [not_after_time][crate::model::certificate_description::SubjectDescription::not_after_time].
        pub fn set_not_after_time<T>(mut self, v: T) -> Self
        where
            T: std::convert::Into<wkt::Timestamp>,
        {
            self.not_after_time = std::option::Option::Some(v.into());
            self
        }

        /// Sets or clears the value of [not_after_time][crate::model::certificate_description::SubjectDescription::not_after_time].
        pub fn set_or_clear_not_after_time<T>(mut self, v: std::option::Option<T>) -> Self
        where
            T: std::convert::Into<wkt::Timestamp>,
        {
            self.not_after_time = v.map(|x| x.into());
            self
        }
    }

    impl wkt::message::Message for SubjectDescription {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription"
        }
    }

    /// A KeyId identifies a specific public key, usually by hashing the public
    /// key.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct KeyId {
        /// Optional. The value of this KeyId encoded in lowercase hexadecimal. This
        /// is most likely the 160 bit SHA-1 hash of the public key.
        pub key_id: std::string::String,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl KeyId {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [key_id][crate::model::certificate_description::KeyId::key_id].
        pub fn set_key_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
            self.key_id = v.into();
            self
        }
    }

    impl wkt::message::Message for KeyId {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.CertificateDescription.KeyId"
        }
    }

    /// A group of fingerprints for the x509 certificate.
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct CertificateFingerprint {
        /// The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
        pub sha256_hash: std::string::String,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl CertificateFingerprint {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [sha256_hash][crate::model::certificate_description::CertificateFingerprint::sha256_hash].
        pub fn set_sha256_hash<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
            self.sha256_hash = v.into();
            self
        }
    }

    impl wkt::message::Message for CertificateFingerprint {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint"
        }
    }
}

/// An [ObjectId][google.cloud.security.privateca.v1.ObjectId] specifies an
/// object identifier (OID). These provide context and describe types in ASN.1
/// messages.
///
/// [google.cloud.security.privateca.v1.ObjectId]: crate::model::ObjectId
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ObjectId {
    /// Required. The parts of an OID path. The most significant parts of the path
    /// come first.
    pub object_id_path: std::vec::Vec<i32>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ObjectId {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [object_id_path][crate::model::ObjectId::object_id_path].
    pub fn set_object_id_path<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<i32>,
    {
        use std::iter::Iterator;
        self.object_id_path = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for ObjectId {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.ObjectId"
    }
}

/// An [X509Extension][google.cloud.security.privateca.v1.X509Extension]
/// specifies an X.509 extension, which may be used in different parts of X.509
/// objects like certificates, CSRs, and CRLs.
///
/// [google.cloud.security.privateca.v1.X509Extension]: crate::model::X509Extension
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct X509Extension {
    /// Required. The OID for this X.509 extension.
    pub object_id: std::option::Option<crate::model::ObjectId>,

    /// Optional. Indicates whether or not this extension is critical (i.e., if the
    /// client does not know how to handle this extension, the client should
    /// consider this to be an error).
    pub critical: bool,

    /// Required. The value of this X.509 extension.
    pub value: ::bytes::Bytes,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl X509Extension {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [object_id][crate::model::X509Extension::object_id].
    pub fn set_object_id<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::ObjectId>,
    {
        self.object_id = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [object_id][crate::model::X509Extension::object_id].
    pub fn set_or_clear_object_id<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::ObjectId>,
    {
        self.object_id = v.map(|x| x.into());
        self
    }

    /// Sets the value of [critical][crate::model::X509Extension::critical].
    pub fn set_critical<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.critical = v.into();
        self
    }

    /// Sets the value of [value][crate::model::X509Extension::value].
    pub fn set_value<T: std::convert::Into<::bytes::Bytes>>(mut self, v: T) -> Self {
        self.value = v.into();
        self
    }
}

impl wkt::message::Message for X509Extension {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.X509Extension"
    }
}

/// A [KeyUsage][google.cloud.security.privateca.v1.KeyUsage] describes key usage
/// values that may appear in an X.509 certificate.
///
/// [google.cloud.security.privateca.v1.KeyUsage]: crate::model::KeyUsage
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct KeyUsage {
    /// Describes high-level ways in which a key may be used.
    pub base_key_usage: std::option::Option<crate::model::key_usage::KeyUsageOptions>,

    /// Detailed scenarios in which a key may be used.
    pub extended_key_usage: std::option::Option<crate::model::key_usage::ExtendedKeyUsageOptions>,

    /// Used to describe extended key usages that are not listed in the
    /// [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]
    /// message.
    ///
    /// [google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]: crate::model::key_usage::ExtendedKeyUsageOptions
    pub unknown_extended_key_usages: std::vec::Vec<crate::model::ObjectId>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl KeyUsage {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [base_key_usage][crate::model::KeyUsage::base_key_usage].
    pub fn set_base_key_usage<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::key_usage::KeyUsageOptions>,
    {
        self.base_key_usage = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [base_key_usage][crate::model::KeyUsage::base_key_usage].
    pub fn set_or_clear_base_key_usage<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::key_usage::KeyUsageOptions>,
    {
        self.base_key_usage = v.map(|x| x.into());
        self
    }

    /// Sets the value of [extended_key_usage][crate::model::KeyUsage::extended_key_usage].
    pub fn set_extended_key_usage<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::key_usage::ExtendedKeyUsageOptions>,
    {
        self.extended_key_usage = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [extended_key_usage][crate::model::KeyUsage::extended_key_usage].
    pub fn set_or_clear_extended_key_usage<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::key_usage::ExtendedKeyUsageOptions>,
    {
        self.extended_key_usage = v.map(|x| x.into());
        self
    }

    /// Sets the value of [unknown_extended_key_usages][crate::model::KeyUsage::unknown_extended_key_usages].
    pub fn set_unknown_extended_key_usages<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::ObjectId>,
    {
        use std::iter::Iterator;
        self.unknown_extended_key_usages = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for KeyUsage {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.KeyUsage"
    }
}

/// Defines additional types related to [KeyUsage].
pub mod key_usage {
    #[allow(unused_imports)]
    use super::*;

    /// [KeyUsage.KeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions]
    /// corresponds to the key usage values described in
    /// <https://tools.ietf.org/html/rfc5280#section-4.2.1.3>.
    ///
    /// [google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions]: crate::model::key_usage::KeyUsageOptions
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct KeyUsageOptions {
        /// The key may be used for digital signatures.
        pub digital_signature: bool,

        /// The key may be used for cryptographic commitments. Note that this may
        /// also be referred to as "non-repudiation".
        pub content_commitment: bool,

        /// The key may be used to encipher other keys.
        pub key_encipherment: bool,

        /// The key may be used to encipher data.
        pub data_encipherment: bool,

        /// The key may be used in a key agreement protocol.
        pub key_agreement: bool,

        /// The key may be used to sign certificates.
        pub cert_sign: bool,

        /// The key may be used sign certificate revocation lists.
        pub crl_sign: bool,

        /// The key may be used to encipher only.
        pub encipher_only: bool,

        /// The key may be used to decipher only.
        pub decipher_only: bool,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl KeyUsageOptions {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [digital_signature][crate::model::key_usage::KeyUsageOptions::digital_signature].
        pub fn set_digital_signature<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.digital_signature = v.into();
            self
        }

        /// Sets the value of [content_commitment][crate::model::key_usage::KeyUsageOptions::content_commitment].
        pub fn set_content_commitment<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.content_commitment = v.into();
            self
        }

        /// Sets the value of [key_encipherment][crate::model::key_usage::KeyUsageOptions::key_encipherment].
        pub fn set_key_encipherment<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.key_encipherment = v.into();
            self
        }

        /// Sets the value of [data_encipherment][crate::model::key_usage::KeyUsageOptions::data_encipherment].
        pub fn set_data_encipherment<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.data_encipherment = v.into();
            self
        }

        /// Sets the value of [key_agreement][crate::model::key_usage::KeyUsageOptions::key_agreement].
        pub fn set_key_agreement<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.key_agreement = v.into();
            self
        }

        /// Sets the value of [cert_sign][crate::model::key_usage::KeyUsageOptions::cert_sign].
        pub fn set_cert_sign<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.cert_sign = v.into();
            self
        }

        /// Sets the value of [crl_sign][crate::model::key_usage::KeyUsageOptions::crl_sign].
        pub fn set_crl_sign<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.crl_sign = v.into();
            self
        }

        /// Sets the value of [encipher_only][crate::model::key_usage::KeyUsageOptions::encipher_only].
        pub fn set_encipher_only<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.encipher_only = v.into();
            self
        }

        /// Sets the value of [decipher_only][crate::model::key_usage::KeyUsageOptions::decipher_only].
        pub fn set_decipher_only<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.decipher_only = v.into();
            self
        }
    }

    impl wkt::message::Message for KeyUsageOptions {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions"
        }
    }

    /// [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]
    /// has fields that correspond to certain common OIDs that could be specified
    /// as an extended key usage value.
    ///
    /// [google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]: crate::model::key_usage::ExtendedKeyUsageOptions
    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct ExtendedKeyUsageOptions {
        /// Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
        /// server authentication", though regularly used for non-WWW TLS.
        pub server_auth: bool,

        /// Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW
        /// client authentication", though regularly used for non-WWW TLS.
        pub client_auth: bool,

        /// Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of
        /// downloadable executable code client authentication".
        pub code_signing: bool,

        /// Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email
        /// protection".
        pub email_protection: bool,

        /// Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding
        /// the hash of an object to a time".
        pub time_stamping: bool,

        /// Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing
        /// OCSP responses".
        pub ocsp_signing: bool,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl ExtendedKeyUsageOptions {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [server_auth][crate::model::key_usage::ExtendedKeyUsageOptions::server_auth].
        pub fn set_server_auth<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.server_auth = v.into();
            self
        }

        /// Sets the value of [client_auth][crate::model::key_usage::ExtendedKeyUsageOptions::client_auth].
        pub fn set_client_auth<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.client_auth = v.into();
            self
        }

        /// Sets the value of [code_signing][crate::model::key_usage::ExtendedKeyUsageOptions::code_signing].
        pub fn set_code_signing<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.code_signing = v.into();
            self
        }

        /// Sets the value of [email_protection][crate::model::key_usage::ExtendedKeyUsageOptions::email_protection].
        pub fn set_email_protection<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.email_protection = v.into();
            self
        }

        /// Sets the value of [time_stamping][crate::model::key_usage::ExtendedKeyUsageOptions::time_stamping].
        pub fn set_time_stamping<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.time_stamping = v.into();
            self
        }

        /// Sets the value of [ocsp_signing][crate::model::key_usage::ExtendedKeyUsageOptions::ocsp_signing].
        pub fn set_ocsp_signing<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
            self.ocsp_signing = v.into();
            self
        }
    }

    impl wkt::message::Message for ExtendedKeyUsageOptions {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions"
        }
    }
}

/// [AttributeTypeAndValue][google.cloud.security.privateca.v1.AttributeTypeAndValue]
/// specifies an attribute type and value. It can use either a OID or enum value
/// to specify the attribute type.
///
/// [google.cloud.security.privateca.v1.AttributeTypeAndValue]: crate::model::AttributeTypeAndValue
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct AttributeTypeAndValue {
    /// The value for the attribute type.
    pub value: std::string::String,

    /// The attribute type for the attribute and value pair.
    pub attribute_type: std::option::Option<crate::model::attribute_type_and_value::AttributeType>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl AttributeTypeAndValue {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [value][crate::model::AttributeTypeAndValue::value].
    pub fn set_value<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.value = v.into();
        self
    }

    /// Sets the value of [attribute_type][crate::model::AttributeTypeAndValue::attribute_type].
    ///
    /// Note that all the setters affecting `attribute_type` are mutually
    /// exclusive.
    pub fn set_attribute_type<
        T: std::convert::Into<
                std::option::Option<crate::model::attribute_type_and_value::AttributeType>,
            >,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.attribute_type = v.into();
        self
    }

    /// The value of [attribute_type][crate::model::AttributeTypeAndValue::attribute_type]
    /// if it holds a `Type`, `None` if the field is not set or
    /// holds a different branch.
    pub fn r#type(&self) -> std::option::Option<&crate::model::AttributeType> {
        #[allow(unreachable_patterns)]
        self.attribute_type.as_ref().and_then(|v| match v {
            crate::model::attribute_type_and_value::AttributeType::Type(v) => {
                std::option::Option::Some(v)
            }
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [attribute_type][crate::model::AttributeTypeAndValue::attribute_type]
    /// to hold a `Type`.
    ///
    /// Note that all the setters affecting `attribute_type` are
    /// mutually exclusive.
    pub fn set_type<T: std::convert::Into<crate::model::AttributeType>>(mut self, v: T) -> Self {
        self.attribute_type = std::option::Option::Some(
            crate::model::attribute_type_and_value::AttributeType::Type(v.into()),
        );
        self
    }

    /// The value of [attribute_type][crate::model::AttributeTypeAndValue::attribute_type]
    /// if it holds a `ObjectId`, `None` if the field is not set or
    /// holds a different branch.
    pub fn object_id(&self) -> std::option::Option<&std::boxed::Box<crate::model::ObjectId>> {
        #[allow(unreachable_patterns)]
        self.attribute_type.as_ref().and_then(|v| match v {
            crate::model::attribute_type_and_value::AttributeType::ObjectId(v) => {
                std::option::Option::Some(v)
            }
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [attribute_type][crate::model::AttributeTypeAndValue::attribute_type]
    /// to hold a `ObjectId`.
    ///
    /// Note that all the setters affecting `attribute_type` are
    /// mutually exclusive.
    pub fn set_object_id<T: std::convert::Into<std::boxed::Box<crate::model::ObjectId>>>(
        mut self,
        v: T,
    ) -> Self {
        self.attribute_type = std::option::Option::Some(
            crate::model::attribute_type_and_value::AttributeType::ObjectId(v.into()),
        );
        self
    }
}

impl wkt::message::Message for AttributeTypeAndValue {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.AttributeTypeAndValue"
    }
}

/// Defines additional types related to [AttributeTypeAndValue].
pub mod attribute_type_and_value {
    #[allow(unused_imports)]
    use super::*;

    /// The attribute type for the attribute and value pair.
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum AttributeType {
        /// The attribute type of the attribute and value pair.
        Type(crate::model::AttributeType),
        /// Object ID for an attribute type of an attribute and value pair.
        ObjectId(std::boxed::Box<crate::model::ObjectId>),
    }
}

/// [RelativeDistinguishedName][google.cloud.security.privateca.v1.RelativeDistinguishedName]
/// specifies a relative distinguished name which will be used to build a
/// distinguished name.
///
/// [google.cloud.security.privateca.v1.RelativeDistinguishedName]: crate::model::RelativeDistinguishedName
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct RelativeDistinguishedName {
    /// Attributes describes the attribute value assertions in the RDN.
    pub attributes: std::vec::Vec<crate::model::AttributeTypeAndValue>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl RelativeDistinguishedName {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [attributes][crate::model::RelativeDistinguishedName::attributes].
    pub fn set_attributes<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::AttributeTypeAndValue>,
    {
        use std::iter::Iterator;
        self.attributes = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for RelativeDistinguishedName {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.RelativeDistinguishedName"
    }
}

/// [Subject][google.cloud.security.privateca.v1.Subject] describes parts of a
/// distinguished name that, in turn, describes the subject of the certificate.
///
/// [google.cloud.security.privateca.v1.Subject]: crate::model::Subject
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct Subject {
    /// The "common name" of the subject.
    pub common_name: std::string::String,

    /// The country code of the subject.
    pub country_code: std::string::String,

    /// The organization of the subject.
    pub organization: std::string::String,

    /// The organizational_unit of the subject.
    pub organizational_unit: std::string::String,

    /// The locality or city of the subject.
    pub locality: std::string::String,

    /// The province, territory, or regional state of the subject.
    pub province: std::string::String,

    /// The street address of the subject.
    pub street_address: std::string::String,

    /// The postal code of the subject.
    pub postal_code: std::string::String,

    /// This field can be used in place of the named subject fields.
    pub rdn_sequence: std::vec::Vec<crate::model::RelativeDistinguishedName>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl Subject {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [common_name][crate::model::Subject::common_name].
    pub fn set_common_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.common_name = v.into();
        self
    }

    /// Sets the value of [country_code][crate::model::Subject::country_code].
    pub fn set_country_code<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.country_code = v.into();
        self
    }

    /// Sets the value of [organization][crate::model::Subject::organization].
    pub fn set_organization<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.organization = v.into();
        self
    }

    /// Sets the value of [organizational_unit][crate::model::Subject::organizational_unit].
    pub fn set_organizational_unit<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.organizational_unit = v.into();
        self
    }

    /// Sets the value of [locality][crate::model::Subject::locality].
    pub fn set_locality<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.locality = v.into();
        self
    }

    /// Sets the value of [province][crate::model::Subject::province].
    pub fn set_province<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.province = v.into();
        self
    }

    /// Sets the value of [street_address][crate::model::Subject::street_address].
    pub fn set_street_address<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.street_address = v.into();
        self
    }

    /// Sets the value of [postal_code][crate::model::Subject::postal_code].
    pub fn set_postal_code<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.postal_code = v.into();
        self
    }

    /// Sets the value of [rdn_sequence][crate::model::Subject::rdn_sequence].
    pub fn set_rdn_sequence<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::RelativeDistinguishedName>,
    {
        use std::iter::Iterator;
        self.rdn_sequence = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for Subject {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.Subject"
    }
}

/// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
/// corresponds to a more modern way of listing what the asserted identity is in
/// a certificate (i.e., compared to the "common name" in the distinguished
/// name).
///
/// [google.cloud.security.privateca.v1.SubjectAltNames]: crate::model::SubjectAltNames
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct SubjectAltNames {
    /// Contains only valid, fully-qualified host names.
    pub dns_names: std::vec::Vec<std::string::String>,

    /// Contains only valid RFC 3986 URIs.
    pub uris: std::vec::Vec<std::string::String>,

    /// Contains only valid RFC 2822 E-mail addresses.
    pub email_addresses: std::vec::Vec<std::string::String>,

    /// Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
    pub ip_addresses: std::vec::Vec<std::string::String>,

    /// Contains additional subject alternative name values.
    /// For each custom_san, the `value` field must contain an ASN.1 encoded
    /// UTF8String.
    pub custom_sans: std::vec::Vec<crate::model::X509Extension>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl SubjectAltNames {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [dns_names][crate::model::SubjectAltNames::dns_names].
    pub fn set_dns_names<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.dns_names = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [uris][crate::model::SubjectAltNames::uris].
    pub fn set_uris<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.uris = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [email_addresses][crate::model::SubjectAltNames::email_addresses].
    pub fn set_email_addresses<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.email_addresses = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [ip_addresses][crate::model::SubjectAltNames::ip_addresses].
    pub fn set_ip_addresses<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.ip_addresses = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [custom_sans][crate::model::SubjectAltNames::custom_sans].
    pub fn set_custom_sans<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::X509Extension>,
    {
        use std::iter::Iterator;
        self.custom_sans = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for SubjectAltNames {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.SubjectAltNames"
    }
}

/// Describes constraints on a
/// [Certificate][google.cloud.security.privateca.v1.Certificate]'s
/// [Subject][google.cloud.security.privateca.v1.Subject] and
/// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames].
///
/// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
/// [google.cloud.security.privateca.v1.Subject]: crate::model::Subject
/// [google.cloud.security.privateca.v1.SubjectAltNames]: crate::model::SubjectAltNames
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CertificateIdentityConstraints {
    /// Optional. A CEL expression that may be used to validate the resolved X.509
    /// Subject and/or Subject Alternative Name before a certificate is signed. To
    /// see the full allowed syntax and some examples, see
    /// <https://cloud.google.com/certificate-authority-service/docs/using-cel>
    pub cel_expression: std::option::Option<gtype::model::Expr>,

    /// Required. If this is true, the
    /// [Subject][google.cloud.security.privateca.v1.Subject] field may be copied
    /// from a certificate request into the signed certificate. Otherwise, the
    /// requested [Subject][google.cloud.security.privateca.v1.Subject] will be
    /// discarded.
    ///
    /// [google.cloud.security.privateca.v1.Subject]: crate::model::Subject
    pub allow_subject_passthrough: std::option::Option<bool>,

    /// Required. If this is true, the
    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
    /// extension may be copied from a certificate request into the signed
    /// certificate. Otherwise, the requested
    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will
    /// be discarded.
    ///
    /// [google.cloud.security.privateca.v1.SubjectAltNames]: crate::model::SubjectAltNames
    pub allow_subject_alt_names_passthrough: std::option::Option<bool>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CertificateIdentityConstraints {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [cel_expression][crate::model::CertificateIdentityConstraints::cel_expression].
    pub fn set_cel_expression<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<gtype::model::Expr>,
    {
        self.cel_expression = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [cel_expression][crate::model::CertificateIdentityConstraints::cel_expression].
    pub fn set_or_clear_cel_expression<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<gtype::model::Expr>,
    {
        self.cel_expression = v.map(|x| x.into());
        self
    }

    /// Sets the value of [allow_subject_passthrough][crate::model::CertificateIdentityConstraints::allow_subject_passthrough].
    pub fn set_allow_subject_passthrough<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<bool>,
    {
        self.allow_subject_passthrough = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [allow_subject_passthrough][crate::model::CertificateIdentityConstraints::allow_subject_passthrough].
    pub fn set_or_clear_allow_subject_passthrough<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<bool>,
    {
        self.allow_subject_passthrough = v.map(|x| x.into());
        self
    }

    /// Sets the value of [allow_subject_alt_names_passthrough][crate::model::CertificateIdentityConstraints::allow_subject_alt_names_passthrough].
    pub fn set_allow_subject_alt_names_passthrough<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<bool>,
    {
        self.allow_subject_alt_names_passthrough = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [allow_subject_alt_names_passthrough][crate::model::CertificateIdentityConstraints::allow_subject_alt_names_passthrough].
    pub fn set_or_clear_allow_subject_alt_names_passthrough<T>(
        mut self,
        v: std::option::Option<T>,
    ) -> Self
    where
        T: std::convert::Into<bool>,
    {
        self.allow_subject_alt_names_passthrough = v.map(|x| x.into());
        self
    }
}

impl wkt::message::Message for CertificateIdentityConstraints {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.CertificateIdentityConstraints"
    }
}

/// Describes a set of X.509 extensions that may be part of some certificate
/// issuance controls.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CertificateExtensionConstraints {
    /// Optional. A set of named X.509 extensions. Will be combined with
    /// [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions]
    /// to determine the full set of X.509 extensions.
    ///
    /// [google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions]: crate::model::CertificateExtensionConstraints::additional_extensions
    pub known_extensions:
        std::vec::Vec<crate::model::certificate_extension_constraints::KnownCertificateExtension>,

    /// Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId]
    /// identifying custom X.509 extensions. Will be combined with
    /// [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions]
    /// to determine the full set of X.509 extensions.
    ///
    /// [google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions]: crate::model::CertificateExtensionConstraints::known_extensions
    /// [google.cloud.security.privateca.v1.ObjectId]: crate::model::ObjectId
    pub additional_extensions: std::vec::Vec<crate::model::ObjectId>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CertificateExtensionConstraints {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [known_extensions][crate::model::CertificateExtensionConstraints::known_extensions].
    pub fn set_known_extensions<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<
                crate::model::certificate_extension_constraints::KnownCertificateExtension,
            >,
    {
        use std::iter::Iterator;
        self.known_extensions = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [additional_extensions][crate::model::CertificateExtensionConstraints::additional_extensions].
    pub fn set_additional_extensions<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::ObjectId>,
    {
        use std::iter::Iterator;
        self.additional_extensions = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for CertificateExtensionConstraints {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.CertificateExtensionConstraints"
    }
}

/// Defines additional types related to [CertificateExtensionConstraints].
pub mod certificate_extension_constraints {
    #[allow(unused_imports)]
    use super::*;

    /// Describes well-known X.509 extensions that can appear in a
    /// [Certificate][google.cloud.security.privateca.v1.Certificate], not
    /// including the
    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
    /// extension.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    /// [google.cloud.security.privateca.v1.SubjectAltNames]: crate::model::SubjectAltNames
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum KnownCertificateExtension {
        /// Not specified.
        Unspecified,
        /// Refers to a certificate's Key Usage extension, as described in [RFC 5280
        /// section 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3).
        /// This corresponds to the
        /// [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage]
        /// field.
        ///
        /// [google.cloud.security.privateca.v1.KeyUsage.base_key_usage]: crate::model::KeyUsage::base_key_usage
        BaseKeyUsage,
        /// Refers to a certificate's Extended Key Usage extension, as described in
        /// [RFC 5280
        /// section 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12).
        /// This corresponds to the
        /// [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage]
        /// message.
        ///
        /// [google.cloud.security.privateca.v1.KeyUsage.extended_key_usage]: crate::model::KeyUsage::extended_key_usage
        ExtendedKeyUsage,
        /// Refers to a certificate's Basic Constraints extension, as described in
        /// [RFC 5280
        /// section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9).
        /// This corresponds to the
        /// [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options]
        /// field.
        ///
        /// [google.cloud.security.privateca.v1.X509Parameters.ca_options]: crate::model::X509Parameters::ca_options
        CaOptions,
        /// Refers to a certificate's Policy object identifiers, as described in
        /// [RFC 5280
        /// section 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4).
        /// This corresponds to the
        /// [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids]
        /// field.
        ///
        /// [google.cloud.security.privateca.v1.X509Parameters.policy_ids]: crate::model::X509Parameters::policy_ids
        PolicyIds,
        /// Refers to OCSP servers in a certificate's Authority Information Access
        /// extension, as described in
        /// [RFC 5280
        /// section 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1),
        /// This corresponds to the
        /// [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers]
        /// field.
        ///
        /// [google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers]: crate::model::X509Parameters::aia_ocsp_servers
        AiaOcspServers,
        /// Refers to Name Constraints extension as described in
        /// [RFC 5280
        /// section 4.2.1.10](https://tools.ietf.org/html/rfc5280#section-4.2.1.10)
        NameConstraints,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [KnownCertificateExtension::value] or
        /// [KnownCertificateExtension::name].
        UnknownValue(known_certificate_extension::UnknownValue),
    }

    #[doc(hidden)]
    pub mod known_certificate_extension {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl KnownCertificateExtension {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::BaseKeyUsage => std::option::Option::Some(1),
                Self::ExtendedKeyUsage => std::option::Option::Some(2),
                Self::CaOptions => std::option::Option::Some(3),
                Self::PolicyIds => std::option::Option::Some(4),
                Self::AiaOcspServers => std::option::Option::Some(5),
                Self::NameConstraints => std::option::Option::Some(6),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => {
                    std::option::Option::Some("KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED")
                }
                Self::BaseKeyUsage => std::option::Option::Some("BASE_KEY_USAGE"),
                Self::ExtendedKeyUsage => std::option::Option::Some("EXTENDED_KEY_USAGE"),
                Self::CaOptions => std::option::Option::Some("CA_OPTIONS"),
                Self::PolicyIds => std::option::Option::Some("POLICY_IDS"),
                Self::AiaOcspServers => std::option::Option::Some("AIA_OCSP_SERVERS"),
                Self::NameConstraints => std::option::Option::Some("NAME_CONSTRAINTS"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for KnownCertificateExtension {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for KnownCertificateExtension {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for KnownCertificateExtension {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::BaseKeyUsage,
                2 => Self::ExtendedKeyUsage,
                3 => Self::CaOptions,
                4 => Self::PolicyIds,
                5 => Self::AiaOcspServers,
                6 => Self::NameConstraints,
                _ => Self::UnknownValue(known_certificate_extension::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for KnownCertificateExtension {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED" => Self::Unspecified,
                "BASE_KEY_USAGE" => Self::BaseKeyUsage,
                "EXTENDED_KEY_USAGE" => Self::ExtendedKeyUsage,
                "CA_OPTIONS" => Self::CaOptions,
                "POLICY_IDS" => Self::PolicyIds,
                "AIA_OCSP_SERVERS" => Self::AiaOcspServers,
                "NAME_CONSTRAINTS" => Self::NameConstraints,
                _ => Self::UnknownValue(known_certificate_extension::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for KnownCertificateExtension {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::BaseKeyUsage => serializer.serialize_i32(1),
                Self::ExtendedKeyUsage => serializer.serialize_i32(2),
                Self::CaOptions => serializer.serialize_i32(3),
                Self::PolicyIds => serializer.serialize_i32(4),
                Self::AiaOcspServers => serializer.serialize_i32(5),
                Self::NameConstraints => serializer.serialize_i32(6),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for KnownCertificateExtension {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<KnownCertificateExtension>::new(
                ".google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension"))
        }
    }
}

/// Request message for
/// [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate]: crate::client::CertificateAuthorityService::create_certificate
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateCertificateRequest {
    /// Required. The resource name of the
    /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
    /// [Certificate][google.cloud.security.privateca.v1.Certificate], in the
    /// format `projects/*/locations/*/caPools/*`.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub parent: std::string::String,

    /// Optional. It must be unique within a location and match the regular
    /// expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// in the Enterprise
    /// [CertificateAuthority.tier][google.cloud.security.privateca.v1.CertificateAuthority.tier],
    /// but is optional and its value is ignored otherwise.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    /// [google.cloud.security.privateca.v1.CertificateAuthority.tier]: crate::model::CertificateAuthority::tier
    pub certificate_id: std::string::String,

    /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
    /// with initial field values.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub certificate: std::option::Option<crate::model::Certificate>,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and the
    /// request times out. If you make the request again with the same request ID,
    /// the server can check if original operation with the same request ID was
    /// received, and if so, will ignore the second request. This prevents clients
    /// from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    /// Optional. If this is true, no
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
    /// be persisted regardless of the
    /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
    /// [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] will not
    /// contain the
    /// [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
    /// field.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.CaPool.tier]: crate::model::CaPool::tier
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    /// [google.cloud.security.privateca.v1.Certificate.pem_certificate]: crate::model::Certificate::pem_certificate
    pub validate_only: bool,

    /// Optional. The resource ID of the
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// that should issue the certificate.  This optional field will ignore the
    /// load-balancing scheme of the Pool and directly issue the certificate from
    /// the CA with the specified ID, contained in the same
    /// [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
    /// Per-CA quota rules apply. If left empty, a
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
    /// by the service. For example, to issue a
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] from a
    /// Certificate Authority with resource name
    /// "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
    /// you can set the
    /// [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
    /// to "projects/my-project/locations/us-central1/caPools/my-pool" and the
    /// [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
    /// to "my-ca".
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    /// [google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]: crate::model::CreateCertificateRequest::issuing_certificate_authority_id
    /// [google.cloud.security.privateca.v1.CreateCertificateRequest.parent]: crate::model::CreateCertificateRequest::parent
    pub issuing_certificate_authority_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateCertificateRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateCertificateRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [certificate_id][crate::model::CreateCertificateRequest::certificate_id].
    pub fn set_certificate_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.certificate_id = v.into();
        self
    }

    /// Sets the value of [certificate][crate::model::CreateCertificateRequest::certificate].
    pub fn set_certificate<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::Certificate>,
    {
        self.certificate = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [certificate][crate::model::CreateCertificateRequest::certificate].
    pub fn set_or_clear_certificate<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::Certificate>,
    {
        self.certificate = v.map(|x| x.into());
        self
    }

    /// Sets the value of [request_id][crate::model::CreateCertificateRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }

    /// Sets the value of [validate_only][crate::model::CreateCertificateRequest::validate_only].
    pub fn set_validate_only<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.validate_only = v.into();
        self
    }

    /// Sets the value of [issuing_certificate_authority_id][crate::model::CreateCertificateRequest::issuing_certificate_authority_id].
    pub fn set_issuing_certificate_authority_id<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.issuing_certificate_authority_id = v.into();
        self
    }
}

impl wkt::message::Message for CreateCertificateRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.CreateCertificateRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificate].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificate]: crate::client::CertificateAuthorityService::get_certificate
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetCertificateRequest {
    /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
    /// of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
    /// get.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    /// [google.cloud.security.privateca.v1.Certificate.name]: crate::model::Certificate::name
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetCertificateRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetCertificateRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetCertificateRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.GetCertificateRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates]: crate::client::CertificateAuthorityService::list_certificates
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCertificatesRequest {
    /// Required. The resource name of the location associated with the
    /// [Certificates][google.cloud.security.privateca.v1.Certificate], in the
    /// format `projects/*/locations/*/caPools/*`.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub parent: std::string::String,

    /// Optional. Limit on the number of
    /// [Certificates][google.cloud.security.privateca.v1.Certificate] to include
    /// in the response. Further
    /// [Certificates][google.cloud.security.privateca.v1.Certificate] can
    /// subsequently be obtained by including the
    /// [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
    /// in a subsequent request. If unspecified, the server will pick an
    /// appropriate default.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    /// [google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]: crate::model::ListCertificatesResponse::next_page_token
    pub page_size: i32,

    /// Optional. Pagination token, returned earlier via
    /// [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
    ///
    /// [google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]: crate::model::ListCertificatesResponse::next_page_token
    pub page_token: std::string::String,

    /// Optional. Only include resources that match the filter in the response. For
    /// details on supported filters and syntax, see [Certificates Filtering
    /// documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
    pub filter: std::string::String,

    /// Optional. Specify how the results should be sorted. For details on
    /// supported fields and syntax, see [Certificates Sorting
    /// documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
    pub order_by: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCertificatesRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListCertificatesRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListCertificatesRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListCertificatesRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }

    /// Sets the value of [filter][crate::model::ListCertificatesRequest::filter].
    pub fn set_filter<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.filter = v.into();
        self
    }

    /// Sets the value of [order_by][crate::model::ListCertificatesRequest::order_by].
    pub fn set_order_by<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.order_by = v.into();
        self
    }
}

impl wkt::message::Message for ListCertificatesRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.ListCertificatesRequest"
    }
}

/// Response message for
/// [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates]: crate::client::CertificateAuthorityService::list_certificates
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCertificatesResponse {
    /// The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub certificates: std::vec::Vec<crate::model::Certificate>,

    /// A token to retrieve next page of results. Pass this value in
    /// [ListCertificatesRequest.page_token][google.cloud.security.privateca.v1.ListCertificatesRequest.page_token]
    /// to retrieve the next page of results.
    ///
    /// [google.cloud.security.privateca.v1.ListCertificatesRequest.page_token]: crate::model::ListCertificatesRequest::page_token
    pub next_page_token: std::string::String,

    /// A list of locations (e.g. "us-west1") that could not be reached.
    pub unreachable: std::vec::Vec<std::string::String>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCertificatesResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [certificates][crate::model::ListCertificatesResponse::certificates].
    pub fn set_certificates<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::Certificate>,
    {
        use std::iter::Iterator;
        self.certificates = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListCertificatesResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }

    /// Sets the value of [unreachable][crate::model::ListCertificatesResponse::unreachable].
    pub fn set_unreachable<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.unreachable = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for ListCertificatesResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.ListCertificatesResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListCertificatesResponse {
    type PageItem = crate::model::Certificate;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.certificates
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Request message for
/// [CertificateAuthorityService.RevokeCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.RevokeCertificate].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.RevokeCertificate]: crate::client::CertificateAuthorityService::revoke_certificate
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct RevokeCertificateRequest {
    /// Required. The resource name for this
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
    /// `projects/*/locations/*/caPools/*/certificates/*`.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub name: std::string::String,

    /// Required. The
    /// [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
    /// revoking this certificate.
    ///
    /// [google.cloud.security.privateca.v1.RevocationReason]: crate::model::RevocationReason
    pub reason: crate::model::RevocationReason,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl RevokeCertificateRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::RevokeCertificateRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [reason][crate::model::RevokeCertificateRequest::reason].
    pub fn set_reason<T: std::convert::Into<crate::model::RevocationReason>>(
        mut self,
        v: T,
    ) -> Self {
        self.reason = v.into();
        self
    }

    /// Sets the value of [request_id][crate::model::RevokeCertificateRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for RevokeCertificateRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.RevokeCertificateRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate]: crate::client::CertificateAuthorityService::update_certificate
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateCertificateRequest {
    /// Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
    /// with updated values.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    pub certificate: std::option::Option<crate::model::Certificate>,

    /// Required. A list of fields to be updated in this request.
    pub update_mask: std::option::Option<wkt::FieldMask>,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateCertificateRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [certificate][crate::model::UpdateCertificateRequest::certificate].
    pub fn set_certificate<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::Certificate>,
    {
        self.certificate = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [certificate][crate::model::UpdateCertificateRequest::certificate].
    pub fn set_or_clear_certificate<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::Certificate>,
    {
        self.certificate = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateCertificateRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateCertificateRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }

    /// Sets the value of [request_id][crate::model::UpdateCertificateRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for UpdateCertificateRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.UpdateCertificateRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority]: crate::client::CertificateAuthorityService::activate_certificate_authority
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ActivateCertificateAuthorityRequest {
    /// Required. The resource name for this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub name: std::string::String,

    /// Required. The signed CA certificate issued from
    /// [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
    ///
    /// [google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr]: crate::model::FetchCertificateAuthorityCsrResponse::pem_csr
    pub pem_ca_certificate: std::string::String,

    /// Required. Must include information about the issuer of
    /// 'pem_ca_certificate', and any further issuers until the self-signed CA.
    pub subordinate_config: std::option::Option<crate::model::SubordinateConfig>,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ActivateCertificateAuthorityRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::ActivateCertificateAuthorityRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [pem_ca_certificate][crate::model::ActivateCertificateAuthorityRequest::pem_ca_certificate].
    pub fn set_pem_ca_certificate<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.pem_ca_certificate = v.into();
        self
    }

    /// Sets the value of [subordinate_config][crate::model::ActivateCertificateAuthorityRequest::subordinate_config].
    pub fn set_subordinate_config<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::SubordinateConfig>,
    {
        self.subordinate_config = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [subordinate_config][crate::model::ActivateCertificateAuthorityRequest::subordinate_config].
    pub fn set_or_clear_subordinate_config<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::SubordinateConfig>,
    {
        self.subordinate_config = v.map(|x| x.into());
        self
    }

    /// Sets the value of [request_id][crate::model::ActivateCertificateAuthorityRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for ActivateCertificateAuthorityRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateAuthority].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateAuthority]: crate::client::CertificateAuthorityService::create_certificate_authority
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateCertificateAuthorityRequest {
    /// Required. The resource name of the
    /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
    /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
    /// in the format `projects/*/locations/*/caPools/*`.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub parent: std::string::String,

    /// Required. It must be unique within a location and match the regular
    /// expression `[a-zA-Z0-9_-]{1,63}`
    pub certificate_authority_id: std::string::String,

    /// Required. A
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// with initial field values.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub certificate_authority: std::option::Option<crate::model::CertificateAuthority>,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateCertificateAuthorityRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateCertificateAuthorityRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [certificate_authority_id][crate::model::CreateCertificateAuthorityRequest::certificate_authority_id].
    pub fn set_certificate_authority_id<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.certificate_authority_id = v.into();
        self
    }

    /// Sets the value of [certificate_authority][crate::model::CreateCertificateAuthorityRequest::certificate_authority].
    pub fn set_certificate_authority<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CertificateAuthority>,
    {
        self.certificate_authority = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [certificate_authority][crate::model::CreateCertificateAuthorityRequest::certificate_authority].
    pub fn set_or_clear_certificate_authority<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CertificateAuthority>,
    {
        self.certificate_authority = v.map(|x| x.into());
        self
    }

    /// Sets the value of [request_id][crate::model::CreateCertificateAuthorityRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for CreateCertificateAuthorityRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DisableCertificateAuthority].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.DisableCertificateAuthority]: crate::client::CertificateAuthorityService::disable_certificate_authority
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DisableCertificateAuthorityRequest {
    /// Required. The resource name for this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub name: std::string::String,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    /// Optional. This field allows this CA to be disabled even if it's being
    /// depended on by another resource. However, doing so may result in unintended
    /// and unrecoverable effects on any dependent resources since the CA will
    /// no longer be able to issue certificates.
    pub ignore_dependent_resources: bool,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DisableCertificateAuthorityRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DisableCertificateAuthorityRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [request_id][crate::model::DisableCertificateAuthorityRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }

    /// Sets the value of [ignore_dependent_resources][crate::model::DisableCertificateAuthorityRequest::ignore_dependent_resources].
    pub fn set_ignore_dependent_resources<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.ignore_dependent_resources = v.into();
        self
    }
}

impl wkt::message::Message for DisableCertificateAuthorityRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.EnableCertificateAuthority].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.EnableCertificateAuthority]: crate::client::CertificateAuthorityService::enable_certificate_authority
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct EnableCertificateAuthorityRequest {
    /// Required. The resource name for this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub name: std::string::String,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl EnableCertificateAuthorityRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::EnableCertificateAuthorityRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [request_id][crate::model::EnableCertificateAuthorityRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for EnableCertificateAuthorityRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr]: crate::client::CertificateAuthorityService::fetch_certificate_authority_csr
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct FetchCertificateAuthorityCsrRequest {
    /// Required. The resource name for this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl FetchCertificateAuthorityCsrRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::FetchCertificateAuthorityCsrRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for FetchCertificateAuthorityCsrRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest"
    }
}

/// Response message for
/// [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr]: crate::client::CertificateAuthorityService::fetch_certificate_authority_csr
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct FetchCertificateAuthorityCsrResponse {
    /// Output only. The PEM-encoded signed certificate signing request (CSR).
    pub pem_csr: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl FetchCertificateAuthorityCsrResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [pem_csr][crate::model::FetchCertificateAuthorityCsrResponse::pem_csr].
    pub fn set_pem_csr<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.pem_csr = v.into();
        self
    }
}

impl wkt::message::Message for FetchCertificateAuthorityCsrResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse"
    }
}

/// Request message for
/// [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority]: crate::client::CertificateAuthorityService::get_certificate_authority
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetCertificateAuthorityRequest {
    /// Required. The
    /// [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// to get.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    /// [google.cloud.security.privateca.v1.CertificateAuthority.name]: crate::model::CertificateAuthority::name
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetCertificateAuthorityRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetCertificateAuthorityRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetCertificateAuthorityRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.GetCertificateAuthorityRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities]: crate::client::CertificateAuthorityService::list_certificate_authorities
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCertificateAuthoritiesRequest {
    /// Required. The resource name of the
    /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
    /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
    /// in the format `projects/*/locations/*/caPools/*`.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub parent: std::string::String,

    /// Optional. Limit on the number of
    /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
    /// to include in the response. Further
    /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
    /// can subsequently be obtained by including the
    /// [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
    /// in a subsequent request. If unspecified, the server will pick an
    /// appropriate default.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    /// [google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]: crate::model::ListCertificateAuthoritiesResponse::next_page_token
    pub page_size: i32,

    /// Optional. Pagination token, returned earlier via
    /// [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
    ///
    /// [google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]: crate::model::ListCertificateAuthoritiesResponse::next_page_token
    pub page_token: std::string::String,

    /// Optional. Only include resources that match the filter in the response.
    pub filter: std::string::String,

    /// Optional. Specify how the results should be sorted.
    pub order_by: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCertificateAuthoritiesRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListCertificateAuthoritiesRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListCertificateAuthoritiesRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListCertificateAuthoritiesRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }

    /// Sets the value of [filter][crate::model::ListCertificateAuthoritiesRequest::filter].
    pub fn set_filter<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.filter = v.into();
        self
    }

    /// Sets the value of [order_by][crate::model::ListCertificateAuthoritiesRequest::order_by].
    pub fn set_order_by<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.order_by = v.into();
        self
    }
}

impl wkt::message::Message for ListCertificateAuthoritiesRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest"
    }
}

/// Response message for
/// [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities]: crate::client::CertificateAuthorityService::list_certificate_authorities
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCertificateAuthoritiesResponse {
    /// The list of
    /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub certificate_authorities: std::vec::Vec<crate::model::CertificateAuthority>,

    /// A token to retrieve next page of results. Pass this value in
    /// [ListCertificateAuthoritiesRequest.page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.page_token]
    /// to retrieve the next page of results.
    ///
    /// [google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.page_token]: crate::model::ListCertificateAuthoritiesRequest::page_token
    pub next_page_token: std::string::String,

    /// A list of locations (e.g. "us-west1") that could not be reached.
    pub unreachable: std::vec::Vec<std::string::String>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCertificateAuthoritiesResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [certificate_authorities][crate::model::ListCertificateAuthoritiesResponse::certificate_authorities].
    pub fn set_certificate_authorities<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::CertificateAuthority>,
    {
        use std::iter::Iterator;
        self.certificate_authorities = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListCertificateAuthoritiesResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }

    /// Sets the value of [unreachable][crate::model::ListCertificateAuthoritiesResponse::unreachable].
    pub fn set_unreachable<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.unreachable = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for ListCertificateAuthoritiesResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListCertificateAuthoritiesResponse {
    type PageItem = crate::model::CertificateAuthority;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.certificate_authorities
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Request message for
/// [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority]: crate::client::CertificateAuthorityService::undelete_certificate_authority
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UndeleteCertificateAuthorityRequest {
    /// Required. The resource name for this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub name: std::string::String,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UndeleteCertificateAuthorityRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::UndeleteCertificateAuthorityRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [request_id][crate::model::UndeleteCertificateAuthorityRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for UndeleteCertificateAuthorityRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.DeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateAuthority].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateAuthority]: crate::client::CertificateAuthorityService::delete_certificate_authority
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DeleteCertificateAuthorityRequest {
    /// Required. The resource name for this
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub name: std::string::String,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    /// Optional. This field allows the CA to be deleted even if the CA has
    /// active certs. Active certs include both unrevoked and unexpired certs.
    pub ignore_active_certificates: bool,

    /// Optional. If this flag is set, the Certificate Authority will be deleted as
    /// soon as possible without a 30-day grace period where undeletion would have
    /// been allowed. If you proceed, there will be no way to recover this CA.
    pub skip_grace_period: bool,

    /// Optional. This field allows this CA to be deleted even if it's being
    /// depended on by another resource. However, doing so may result in unintended
    /// and unrecoverable effects on any dependent resources since the CA will
    /// no longer be able to issue certificates.
    pub ignore_dependent_resources: bool,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DeleteCertificateAuthorityRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DeleteCertificateAuthorityRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [request_id][crate::model::DeleteCertificateAuthorityRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }

    /// Sets the value of [ignore_active_certificates][crate::model::DeleteCertificateAuthorityRequest::ignore_active_certificates].
    pub fn set_ignore_active_certificates<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.ignore_active_certificates = v.into();
        self
    }

    /// Sets the value of [skip_grace_period][crate::model::DeleteCertificateAuthorityRequest::skip_grace_period].
    pub fn set_skip_grace_period<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.skip_grace_period = v.into();
        self
    }

    /// Sets the value of [ignore_dependent_resources][crate::model::DeleteCertificateAuthorityRequest::ignore_dependent_resources].
    pub fn set_ignore_dependent_resources<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.ignore_dependent_resources = v.into();
        self
    }
}

impl wkt::message::Message for DeleteCertificateAuthorityRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.UpdateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateAuthority].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateAuthority]: crate::client::CertificateAuthorityService::update_certificate_authority
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateCertificateAuthorityRequest {
    /// Required.
    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    /// with updated values.
    ///
    /// [google.cloud.security.privateca.v1.CertificateAuthority]: crate::model::CertificateAuthority
    pub certificate_authority: std::option::Option<crate::model::CertificateAuthority>,

    /// Required. A list of fields to be updated in this request.
    pub update_mask: std::option::Option<wkt::FieldMask>,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateCertificateAuthorityRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [certificate_authority][crate::model::UpdateCertificateAuthorityRequest::certificate_authority].
    pub fn set_certificate_authority<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CertificateAuthority>,
    {
        self.certificate_authority = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [certificate_authority][crate::model::UpdateCertificateAuthorityRequest::certificate_authority].
    pub fn set_or_clear_certificate_authority<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CertificateAuthority>,
    {
        self.certificate_authority = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateCertificateAuthorityRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateCertificateAuthorityRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }

    /// Sets the value of [request_id][crate::model::UpdateCertificateAuthorityRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for UpdateCertificateAuthorityRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.CreateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCaPool].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCaPool]: crate::client::CertificateAuthorityService::create_ca_pool
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateCaPoolRequest {
    /// Required. The resource name of the location associated with the
    /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
    /// `projects/*/locations/*`.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    pub parent: std::string::String,

    /// Required. It must be unique within a location and match the regular
    /// expression `[a-zA-Z0-9_-]{1,63}`
    pub ca_pool_id: std::string::String,

    /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
    /// initial field values.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    pub ca_pool: std::option::Option<crate::model::CaPool>,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateCaPoolRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateCaPoolRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [ca_pool_id][crate::model::CreateCaPoolRequest::ca_pool_id].
    pub fn set_ca_pool_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.ca_pool_id = v.into();
        self
    }

    /// Sets the value of [ca_pool][crate::model::CreateCaPoolRequest::ca_pool].
    pub fn set_ca_pool<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CaPool>,
    {
        self.ca_pool = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [ca_pool][crate::model::CreateCaPoolRequest::ca_pool].
    pub fn set_or_clear_ca_pool<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CaPool>,
    {
        self.ca_pool = v.map(|x| x.into());
        self
    }

    /// Sets the value of [request_id][crate::model::CreateCaPoolRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for CreateCaPoolRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.CreateCaPoolRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.UpdateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCaPool].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCaPool]: crate::client::CertificateAuthorityService::update_ca_pool
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateCaPoolRequest {
    /// Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
    /// values.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    pub ca_pool: std::option::Option<crate::model::CaPool>,

    /// Required. A list of fields to be updated in this request.
    pub update_mask: std::option::Option<wkt::FieldMask>,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateCaPoolRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [ca_pool][crate::model::UpdateCaPoolRequest::ca_pool].
    pub fn set_ca_pool<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CaPool>,
    {
        self.ca_pool = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [ca_pool][crate::model::UpdateCaPoolRequest::ca_pool].
    pub fn set_or_clear_ca_pool<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CaPool>,
    {
        self.ca_pool = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateCaPoolRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateCaPoolRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }

    /// Sets the value of [request_id][crate::model::UpdateCaPoolRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for UpdateCaPoolRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.UpdateCaPoolRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.DeleteCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCaPool].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCaPool]: crate::client::CertificateAuthorityService::delete_ca_pool
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DeleteCaPoolRequest {
    /// Required. The resource name for this
    /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
    /// `projects/*/locations/*/caPools/*`.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    pub name: std::string::String,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    /// Optional. This field allows this pool to be deleted even if it's being
    /// depended on by another resource. However, doing so may result in unintended
    /// and unrecoverable effects on any dependent resources since the pool will
    /// no longer be able to issue certificates.
    pub ignore_dependent_resources: bool,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DeleteCaPoolRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DeleteCaPoolRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [request_id][crate::model::DeleteCaPoolRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }

    /// Sets the value of [ignore_dependent_resources][crate::model::DeleteCaPoolRequest::ignore_dependent_resources].
    pub fn set_ignore_dependent_resources<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.ignore_dependent_resources = v.into();
        self
    }
}

impl wkt::message::Message for DeleteCaPoolRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.DeleteCaPoolRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts]: crate::client::CertificateAuthorityService::fetch_ca_certs
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct FetchCaCertsRequest {
    /// Required. The resource name for the
    /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
    /// `projects/*/locations/*/caPools/*`.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    pub ca_pool: std::string::String,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl FetchCaCertsRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [ca_pool][crate::model::FetchCaCertsRequest::ca_pool].
    pub fn set_ca_pool<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.ca_pool = v.into();
        self
    }

    /// Sets the value of [request_id][crate::model::FetchCaCertsRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for FetchCaCertsRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.FetchCaCertsRequest"
    }
}

/// Response message for
/// [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts]: crate::client::CertificateAuthorityService::fetch_ca_certs
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct FetchCaCertsResponse {
    /// The PEM encoded CA certificate chains of all certificate authorities in
    /// this [CaPool][google.cloud.security.privateca.v1.CaPool] in the ENABLED,
    /// DISABLED, or STAGED states.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    pub ca_certs: std::vec::Vec<crate::model::fetch_ca_certs_response::CertChain>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl FetchCaCertsResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [ca_certs][crate::model::FetchCaCertsResponse::ca_certs].
    pub fn set_ca_certs<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::fetch_ca_certs_response::CertChain>,
    {
        use std::iter::Iterator;
        self.ca_certs = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for FetchCaCertsResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.FetchCaCertsResponse"
    }
}

/// Defines additional types related to [FetchCaCertsResponse].
pub mod fetch_ca_certs_response {
    #[allow(unused_imports)]
    use super::*;

    #[derive(Clone, Default, PartialEq)]
    #[non_exhaustive]
    pub struct CertChain {
        /// The certificates that form the CA chain, from leaf to root order.
        pub certificates: std::vec::Vec<std::string::String>,

        pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
    }

    impl CertChain {
        pub fn new() -> Self {
            std::default::Default::default()
        }

        /// Sets the value of [certificates][crate::model::fetch_ca_certs_response::CertChain::certificates].
        pub fn set_certificates<T, V>(mut self, v: T) -> Self
        where
            T: std::iter::IntoIterator<Item = V>,
            V: std::convert::Into<std::string::String>,
        {
            use std::iter::Iterator;
            self.certificates = v.into_iter().map(|i| i.into()).collect();
            self
        }
    }

    impl wkt::message::Message for CertChain {
        fn typename() -> &'static str {
            "type.googleapis.com/google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain"
        }
    }
}

/// Request message for
/// [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool]: crate::client::CertificateAuthorityService::get_ca_pool
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetCaPoolRequest {
    /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
    /// [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.CaPool.name]: crate::model::CaPool::name
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetCaPoolRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetCaPoolRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetCaPoolRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.GetCaPoolRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools]: crate::client::CertificateAuthorityService::list_ca_pools
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCaPoolsRequest {
    /// Required. The resource name of the location associated with the
    /// [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
    /// `projects/*/locations/*`.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    pub parent: std::string::String,

    /// Optional. Limit on the number of
    /// [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
    /// response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
    /// subsequently be obtained by including the
    /// [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
    /// in a subsequent request. If unspecified, the server will pick an
    /// appropriate default.
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    /// [google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]: crate::model::ListCaPoolsResponse::next_page_token
    pub page_size: i32,

    /// Optional. Pagination token, returned earlier via
    /// [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
    ///
    /// [google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]: crate::model::ListCaPoolsResponse::next_page_token
    pub page_token: std::string::String,

    /// Optional. Only include resources that match the filter in the response.
    pub filter: std::string::String,

    /// Optional. Specify how the results should be sorted.
    pub order_by: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCaPoolsRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListCaPoolsRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListCaPoolsRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListCaPoolsRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }

    /// Sets the value of [filter][crate::model::ListCaPoolsRequest::filter].
    pub fn set_filter<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.filter = v.into();
        self
    }

    /// Sets the value of [order_by][crate::model::ListCaPoolsRequest::order_by].
    pub fn set_order_by<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.order_by = v.into();
        self
    }
}

impl wkt::message::Message for ListCaPoolsRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.ListCaPoolsRequest"
    }
}

/// Response message for
/// [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools]: crate::client::CertificateAuthorityService::list_ca_pools
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCaPoolsResponse {
    /// The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
    ///
    /// [google.cloud.security.privateca.v1.CaPool]: crate::model::CaPool
    pub ca_pools: std::vec::Vec<crate::model::CaPool>,

    /// A token to retrieve next page of results. Pass this value in
    /// [ListCertificateAuthoritiesRequest.page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.page_token]
    /// to retrieve the next page of results.
    ///
    /// [google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.page_token]: crate::model::ListCertificateAuthoritiesRequest::page_token
    pub next_page_token: std::string::String,

    /// A list of locations (e.g. "us-west1") that could not be reached.
    pub unreachable: std::vec::Vec<std::string::String>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCaPoolsResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [ca_pools][crate::model::ListCaPoolsResponse::ca_pools].
    pub fn set_ca_pools<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::CaPool>,
    {
        use std::iter::Iterator;
        self.ca_pools = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListCaPoolsResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }

    /// Sets the value of [unreachable][crate::model::ListCaPoolsResponse::unreachable].
    pub fn set_unreachable<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.unreachable = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for ListCaPoolsResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.ListCaPoolsResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListCaPoolsResponse {
    type PageItem = crate::model::CaPool;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.ca_pools
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Request message for
/// [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateRevocationList].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateRevocationList]: crate::client::CertificateAuthorityService::get_certificate_revocation_list
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetCertificateRevocationListRequest {
    /// Required. The
    /// [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
    /// of the
    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
    /// to get.
    ///
    /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
    /// [google.cloud.security.privateca.v1.CertificateRevocationList.name]: crate::model::CertificateRevocationList::name
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetCertificateRevocationListRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetCertificateRevocationListRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetCertificateRevocationListRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.GetCertificateRevocationListRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists]: crate::client::CertificateAuthorityService::list_certificate_revocation_lists
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCertificateRevocationListsRequest {
    /// Required. The resource name of the location associated with the
    /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
    pub parent: std::string::String,

    /// Optional. Limit on the number of
    /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
    /// to include in the response. Further
    /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
    /// can subsequently be obtained by including the
    /// [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
    /// in a subsequent request. If unspecified, the server will pick an
    /// appropriate default.
    ///
    /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
    /// [google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]: crate::model::ListCertificateRevocationListsResponse::next_page_token
    pub page_size: i32,

    /// Optional. Pagination token, returned earlier via
    /// [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
    ///
    /// [google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]: crate::model::ListCertificateRevocationListsResponse::next_page_token
    pub page_token: std::string::String,

    /// Optional. Only include resources that match the filter in the response.
    pub filter: std::string::String,

    /// Optional. Specify how the results should be sorted.
    pub order_by: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCertificateRevocationListsRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListCertificateRevocationListsRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListCertificateRevocationListsRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListCertificateRevocationListsRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }

    /// Sets the value of [filter][crate::model::ListCertificateRevocationListsRequest::filter].
    pub fn set_filter<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.filter = v.into();
        self
    }

    /// Sets the value of [order_by][crate::model::ListCertificateRevocationListsRequest::order_by].
    pub fn set_order_by<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.order_by = v.into();
        self
    }
}

impl wkt::message::Message for ListCertificateRevocationListsRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest"
    }
}

/// Response message for
/// [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists]: crate::client::CertificateAuthorityService::list_certificate_revocation_lists
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCertificateRevocationListsResponse {
    /// The list of
    /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    ///
    /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
    pub certificate_revocation_lists: std::vec::Vec<crate::model::CertificateRevocationList>,

    /// A token to retrieve next page of results. Pass this value in
    /// [ListCertificateRevocationListsRequest.page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest.page_token]
    /// to retrieve the next page of results.
    ///
    /// [google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest.page_token]: crate::model::ListCertificateRevocationListsRequest::page_token
    pub next_page_token: std::string::String,

    /// A list of locations (e.g. "us-west1") that could not be reached.
    pub unreachable: std::vec::Vec<std::string::String>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCertificateRevocationListsResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [certificate_revocation_lists][crate::model::ListCertificateRevocationListsResponse::certificate_revocation_lists].
    pub fn set_certificate_revocation_lists<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::CertificateRevocationList>,
    {
        use std::iter::Iterator;
        self.certificate_revocation_lists = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListCertificateRevocationListsResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }

    /// Sets the value of [unreachable][crate::model::ListCertificateRevocationListsResponse::unreachable].
    pub fn set_unreachable<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.unreachable = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for ListCertificateRevocationListsResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListCertificateRevocationListsResponse {
    type PageItem = crate::model::CertificateRevocationList;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.certificate_revocation_lists
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Request message for
/// [CertificateAuthorityService.UpdateCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateRevocationList].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateRevocationList]: crate::client::CertificateAuthorityService::update_certificate_revocation_list
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateCertificateRevocationListRequest {
    /// Required.
    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
    /// with updated values.
    ///
    /// [google.cloud.security.privateca.v1.CertificateRevocationList]: crate::model::CertificateRevocationList
    pub certificate_revocation_list: std::option::Option<crate::model::CertificateRevocationList>,

    /// Required. A list of fields to be updated in this request.
    pub update_mask: std::option::Option<wkt::FieldMask>,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateCertificateRevocationListRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [certificate_revocation_list][crate::model::UpdateCertificateRevocationListRequest::certificate_revocation_list].
    pub fn set_certificate_revocation_list<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CertificateRevocationList>,
    {
        self.certificate_revocation_list = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [certificate_revocation_list][crate::model::UpdateCertificateRevocationListRequest::certificate_revocation_list].
    pub fn set_or_clear_certificate_revocation_list<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CertificateRevocationList>,
    {
        self.certificate_revocation_list = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateCertificateRevocationListRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateCertificateRevocationListRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }

    /// Sets the value of [request_id][crate::model::UpdateCertificateRevocationListRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for UpdateCertificateRevocationListRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.CreateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateTemplate].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateTemplate]: crate::client::CertificateAuthorityService::create_certificate_template
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct CreateCertificateTemplateRequest {
    /// Required. The resource name of the location associated with the
    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
    /// in the format `projects/*/locations/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    pub parent: std::string::String,

    /// Required. It must be unique within a location and match the regular
    /// expression `[a-zA-Z0-9_-]{1,63}`
    pub certificate_template_id: std::string::String,

    /// Required. A
    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    /// with initial field values.
    ///
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    pub certificate_template: std::option::Option<crate::model::CertificateTemplate>,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateCertificateTemplateRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateCertificateTemplateRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [certificate_template_id][crate::model::CreateCertificateTemplateRequest::certificate_template_id].
    pub fn set_certificate_template_id<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.certificate_template_id = v.into();
        self
    }

    /// Sets the value of [certificate_template][crate::model::CreateCertificateTemplateRequest::certificate_template].
    pub fn set_certificate_template<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CertificateTemplate>,
    {
        self.certificate_template = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [certificate_template][crate::model::CreateCertificateTemplateRequest::certificate_template].
    pub fn set_or_clear_certificate_template<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CertificateTemplate>,
    {
        self.certificate_template = v.map(|x| x.into());
        self
    }

    /// Sets the value of [request_id][crate::model::CreateCertificateTemplateRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for CreateCertificateTemplateRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.CreateCertificateTemplateRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.DeleteCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateTemplate].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateTemplate]: crate::client::CertificateAuthorityService::delete_certificate_template
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct DeleteCertificateTemplateRequest {
    /// Required. The resource name for this
    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    /// in the format `projects/*/locations/*/certificateTemplates/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    pub name: std::string::String,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DeleteCertificateTemplateRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DeleteCertificateTemplateRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [request_id][crate::model::DeleteCertificateTemplateRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for DeleteCertificateTemplateRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.GetCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateTemplate].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateTemplate]: crate::client::CertificateAuthorityService::get_certificate_template
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct GetCertificateTemplateRequest {
    /// Required. The
    /// [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    /// to get.
    ///
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    /// [google.cloud.security.privateca.v1.CertificateTemplate.name]: crate::model::CertificateTemplate::name
    pub name: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetCertificateTemplateRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetCertificateTemplateRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetCertificateTemplateRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.GetCertificateTemplateRequest"
    }
}

/// Request message for
/// [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates]: crate::client::CertificateAuthorityService::list_certificate_templates
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCertificateTemplatesRequest {
    /// Required. The resource name of the location associated with the
    /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
    /// in the format `projects/*/locations/*`.
    ///
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    pub parent: std::string::String,

    /// Optional. Limit on the number of
    /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
    /// to include in the response. Further
    /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
    /// can subsequently be obtained by including the
    /// [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
    /// in a subsequent request. If unspecified, the server will pick an
    /// appropriate default.
    ///
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    /// [google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]: crate::model::ListCertificateTemplatesResponse::next_page_token
    pub page_size: i32,

    /// Optional. Pagination token, returned earlier via
    /// [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
    ///
    /// [google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]: crate::model::ListCertificateTemplatesResponse::next_page_token
    pub page_token: std::string::String,

    /// Optional. Only include resources that match the filter in the response.
    pub filter: std::string::String,

    /// Optional. Specify how the results should be sorted.
    pub order_by: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCertificateTemplatesRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListCertificateTemplatesRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListCertificateTemplatesRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListCertificateTemplatesRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }

    /// Sets the value of [filter][crate::model::ListCertificateTemplatesRequest::filter].
    pub fn set_filter<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.filter = v.into();
        self
    }

    /// Sets the value of [order_by][crate::model::ListCertificateTemplatesRequest::order_by].
    pub fn set_order_by<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.order_by = v.into();
        self
    }
}

impl wkt::message::Message for ListCertificateTemplatesRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.ListCertificateTemplatesRequest"
    }
}

/// Response message for
/// [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates]: crate::client::CertificateAuthorityService::list_certificate_templates
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct ListCertificateTemplatesResponse {
    /// The list of
    /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    ///
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    pub certificate_templates: std::vec::Vec<crate::model::CertificateTemplate>,

    /// A token to retrieve next page of results. Pass this value in
    /// [ListCertificateTemplatesRequest.page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesRequest.page_token]
    /// to retrieve the next page of results.
    ///
    /// [google.cloud.security.privateca.v1.ListCertificateTemplatesRequest.page_token]: crate::model::ListCertificateTemplatesRequest::page_token
    pub next_page_token: std::string::String,

    /// A list of locations (e.g. "us-west1") that could not be reached.
    pub unreachable: std::vec::Vec<std::string::String>,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListCertificateTemplatesResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [certificate_templates][crate::model::ListCertificateTemplatesResponse::certificate_templates].
    pub fn set_certificate_templates<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::CertificateTemplate>,
    {
        use std::iter::Iterator;
        self.certificate_templates = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListCertificateTemplatesResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }

    /// Sets the value of [unreachable][crate::model::ListCertificateTemplatesResponse::unreachable].
    pub fn set_unreachable<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.unreachable = v.into_iter().map(|i| i.into()).collect();
        self
    }
}

impl wkt::message::Message for ListCertificateTemplatesResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.ListCertificateTemplatesResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListCertificateTemplatesResponse {
    type PageItem = crate::model::CertificateTemplate;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.certificate_templates
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Request message for
/// [CertificateAuthorityService.UpdateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateTemplate].
///
/// [google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateTemplate]: crate::client::CertificateAuthorityService::update_certificate_template
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct UpdateCertificateTemplateRequest {
    /// Required.
    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
    /// with updated values.
    ///
    /// [google.cloud.security.privateca.v1.CertificateTemplate]: crate::model::CertificateTemplate
    pub certificate_template: std::option::Option<crate::model::CertificateTemplate>,

    /// Required. A list of fields to be updated in this request.
    pub update_mask: std::option::Option<wkt::FieldMask>,

    /// Optional. An ID to identify requests. Specify a unique request ID so that
    /// if you must retry your request, the server will know to ignore the request
    /// if it has already been completed. The server will guarantee that for at
    /// least 60 minutes since the first request.
    ///
    /// For example, consider a situation where you make an initial request and
    /// the request times out. If you make the request again with the same request
    /// ID, the server can check if original operation with the same request ID
    /// was received, and if so, will ignore the second request. This prevents
    /// clients from accidentally creating duplicate commitments.
    ///
    /// The request ID must be a valid UUID with the exception that zero UUID is
    /// not supported (00000000-0000-0000-0000-000000000000).
    pub request_id: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateCertificateTemplateRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [certificate_template][crate::model::UpdateCertificateTemplateRequest::certificate_template].
    pub fn set_certificate_template<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<crate::model::CertificateTemplate>,
    {
        self.certificate_template = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [certificate_template][crate::model::UpdateCertificateTemplateRequest::certificate_template].
    pub fn set_or_clear_certificate_template<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<crate::model::CertificateTemplate>,
    {
        self.certificate_template = v.map(|x| x.into());
        self
    }

    /// Sets the value of [update_mask][crate::model::UpdateCertificateTemplateRequest::update_mask].
    pub fn set_update_mask<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [update_mask][crate::model::UpdateCertificateTemplateRequest::update_mask].
    pub fn set_or_clear_update_mask<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::FieldMask>,
    {
        self.update_mask = v.map(|x| x.into());
        self
    }

    /// Sets the value of [request_id][crate::model::UpdateCertificateTemplateRequest::request_id].
    pub fn set_request_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.request_id = v.into();
        self
    }
}

impl wkt::message::Message for UpdateCertificateTemplateRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest"
    }
}

/// Represents the metadata of the long-running operation.
#[derive(Clone, Default, PartialEq)]
#[non_exhaustive]
pub struct OperationMetadata {
    /// Output only. The time the operation was created.
    pub create_time: std::option::Option<wkt::Timestamp>,

    /// Output only. The time the operation finished running.
    pub end_time: std::option::Option<wkt::Timestamp>,

    /// Output only. Server-defined resource path for the target of the operation.
    pub target: std::string::String,

    /// Output only. Name of the verb executed by the operation.
    pub verb: std::string::String,

    /// Output only. Human-readable status of the operation, if any.
    pub status_message: std::string::String,

    /// Output only. Identifies whether the user has requested cancellation
    /// of the operation. Operations that have successfully been cancelled
    /// have
    /// [google.longrunning.Operation.error][google.longrunning.Operation.error]
    /// value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
    /// corresponding to `Code.CANCELLED`.
    ///
    /// [google.longrunning.Operation.error]: longrunning::model::Operation::result
    /// [google.rpc.Status.code]: rpc::model::Status::code
    pub requested_cancellation: bool,

    /// Output only. API version used to start the operation.
    pub api_version: std::string::String,

    pub(crate) _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl OperationMetadata {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [create_time][crate::model::OperationMetadata::create_time].
    pub fn set_create_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [create_time][crate::model::OperationMetadata::create_time].
    pub fn set_or_clear_create_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.create_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [end_time][crate::model::OperationMetadata::end_time].
    pub fn set_end_time<T>(mut self, v: T) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.end_time = std::option::Option::Some(v.into());
        self
    }

    /// Sets or clears the value of [end_time][crate::model::OperationMetadata::end_time].
    pub fn set_or_clear_end_time<T>(mut self, v: std::option::Option<T>) -> Self
    where
        T: std::convert::Into<wkt::Timestamp>,
    {
        self.end_time = v.map(|x| x.into());
        self
    }

    /// Sets the value of [target][crate::model::OperationMetadata::target].
    pub fn set_target<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.target = v.into();
        self
    }

    /// Sets the value of [verb][crate::model::OperationMetadata::verb].
    pub fn set_verb<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.verb = v.into();
        self
    }

    /// Sets the value of [status_message][crate::model::OperationMetadata::status_message].
    pub fn set_status_message<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.status_message = v.into();
        self
    }

    /// Sets the value of [requested_cancellation][crate::model::OperationMetadata::requested_cancellation].
    pub fn set_requested_cancellation<T: std::convert::Into<bool>>(mut self, v: T) -> Self {
        self.requested_cancellation = v.into();
        self
    }

    /// Sets the value of [api_version][crate::model::OperationMetadata::api_version].
    pub fn set_api_version<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.api_version = v.into();
        self
    }
}

impl wkt::message::Message for OperationMetadata {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.security.privateca.v1.OperationMetadata"
    }
}

/// [AttributeType][google.cloud.security.privateca.v1.AttributeType] specifies
/// the type of Attribute in a relative distinguished name.
///
/// [google.cloud.security.privateca.v1.AttributeType]: crate::model::AttributeType
///
/// # Working with unknown values
///
/// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
/// additional enum variants at any time. Adding new variants is not considered
/// a breaking change. Applications should write their code in anticipation of:
///
/// - New values appearing in future releases of the client library, **and**
/// - New values received dynamically, without application changes.
///
/// Please consult the [Working with enums] section in the user guide for some
/// guidelines.
///
/// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
#[derive(Clone, Debug, PartialEq)]
#[non_exhaustive]
pub enum AttributeType {
    /// Attribute type is unspecified.
    Unspecified,
    /// The "common name" of the subject.
    CommonName,
    /// The country code of the subject.
    CountryCode,
    /// The organization of the subject.
    Organization,
    /// The organizational unit of the subject.
    OrganizationalUnit,
    /// The locality or city of the subject.
    Locality,
    /// The province, territory, or regional state of the subject.
    Province,
    /// The street address of the subject.
    StreetAddress,
    /// The postal code of the subject.
    PostalCode,
    /// If set, the enum was initialized with an unknown value.
    ///
    /// Applications can examine the value using [AttributeType::value] or
    /// [AttributeType::name].
    UnknownValue(attribute_type::UnknownValue),
}

#[doc(hidden)]
pub mod attribute_type {
    #[allow(unused_imports)]
    use super::*;
    #[derive(Clone, Debug, PartialEq)]
    pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
}

impl AttributeType {
    /// Gets the enum value.
    ///
    /// Returns `None` if the enum contains an unknown value deserialized from
    /// the string representation of enums.
    pub fn value(&self) -> std::option::Option<i32> {
        match self {
            Self::Unspecified => std::option::Option::Some(0),
            Self::CommonName => std::option::Option::Some(1),
            Self::CountryCode => std::option::Option::Some(2),
            Self::Organization => std::option::Option::Some(3),
            Self::OrganizationalUnit => std::option::Option::Some(4),
            Self::Locality => std::option::Option::Some(5),
            Self::Province => std::option::Option::Some(6),
            Self::StreetAddress => std::option::Option::Some(7),
            Self::PostalCode => std::option::Option::Some(8),
            Self::UnknownValue(u) => u.0.value(),
        }
    }

    /// Gets the enum value as a string.
    ///
    /// Returns `None` if the enum contains an unknown value deserialized from
    /// the integer representation of enums.
    pub fn name(&self) -> std::option::Option<&str> {
        match self {
            Self::Unspecified => std::option::Option::Some("ATTRIBUTE_TYPE_UNSPECIFIED"),
            Self::CommonName => std::option::Option::Some("COMMON_NAME"),
            Self::CountryCode => std::option::Option::Some("COUNTRY_CODE"),
            Self::Organization => std::option::Option::Some("ORGANIZATION"),
            Self::OrganizationalUnit => std::option::Option::Some("ORGANIZATIONAL_UNIT"),
            Self::Locality => std::option::Option::Some("LOCALITY"),
            Self::Province => std::option::Option::Some("PROVINCE"),
            Self::StreetAddress => std::option::Option::Some("STREET_ADDRESS"),
            Self::PostalCode => std::option::Option::Some("POSTAL_CODE"),
            Self::UnknownValue(u) => u.0.name(),
        }
    }
}

impl std::default::Default for AttributeType {
    fn default() -> Self {
        use std::convert::From;
        Self::from(0)
    }
}

impl std::fmt::Display for AttributeType {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
        wkt::internal::display_enum(f, self.name(), self.value())
    }
}

impl std::convert::From<i32> for AttributeType {
    fn from(value: i32) -> Self {
        match value {
            0 => Self::Unspecified,
            1 => Self::CommonName,
            2 => Self::CountryCode,
            3 => Self::Organization,
            4 => Self::OrganizationalUnit,
            5 => Self::Locality,
            6 => Self::Province,
            7 => Self::StreetAddress,
            8 => Self::PostalCode,
            _ => Self::UnknownValue(attribute_type::UnknownValue(
                wkt::internal::UnknownEnumValue::Integer(value),
            )),
        }
    }
}

impl std::convert::From<&str> for AttributeType {
    fn from(value: &str) -> Self {
        use std::string::ToString;
        match value {
            "ATTRIBUTE_TYPE_UNSPECIFIED" => Self::Unspecified,
            "COMMON_NAME" => Self::CommonName,
            "COUNTRY_CODE" => Self::CountryCode,
            "ORGANIZATION" => Self::Organization,
            "ORGANIZATIONAL_UNIT" => Self::OrganizationalUnit,
            "LOCALITY" => Self::Locality,
            "PROVINCE" => Self::Province,
            "STREET_ADDRESS" => Self::StreetAddress,
            "POSTAL_CODE" => Self::PostalCode,
            _ => Self::UnknownValue(attribute_type::UnknownValue(
                wkt::internal::UnknownEnumValue::String(value.to_string()),
            )),
        }
    }
}

impl serde::ser::Serialize for AttributeType {
    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
    where
        S: serde::Serializer,
    {
        match self {
            Self::Unspecified => serializer.serialize_i32(0),
            Self::CommonName => serializer.serialize_i32(1),
            Self::CountryCode => serializer.serialize_i32(2),
            Self::Organization => serializer.serialize_i32(3),
            Self::OrganizationalUnit => serializer.serialize_i32(4),
            Self::Locality => serializer.serialize_i32(5),
            Self::Province => serializer.serialize_i32(6),
            Self::StreetAddress => serializer.serialize_i32(7),
            Self::PostalCode => serializer.serialize_i32(8),
            Self::UnknownValue(u) => u.0.serialize(serializer),
        }
    }
}

impl<'de> serde::de::Deserialize<'de> for AttributeType {
    fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
    where
        D: serde::Deserializer<'de>,
    {
        deserializer.deserialize_any(wkt::internal::EnumVisitor::<AttributeType>::new(
            ".google.cloud.security.privateca.v1.AttributeType",
        ))
    }
}

/// A [RevocationReason][google.cloud.security.privateca.v1.RevocationReason]
/// indicates whether a
/// [Certificate][google.cloud.security.privateca.v1.Certificate] has been
/// revoked, and the reason for revocation. These correspond to standard
/// revocation reasons from RFC 5280. Note that the enum labels and values in
/// this definition are not the same ASN.1 values defined in RFC 5280. These
/// values will be translated to the correct ASN.1 values when a CRL is created.
///
/// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
/// [google.cloud.security.privateca.v1.RevocationReason]: crate::model::RevocationReason
///
/// # Working with unknown values
///
/// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
/// additional enum variants at any time. Adding new variants is not considered
/// a breaking change. Applications should write their code in anticipation of:
///
/// - New values appearing in future releases of the client library, **and**
/// - New values received dynamically, without application changes.
///
/// Please consult the [Working with enums] section in the user guide for some
/// guidelines.
///
/// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
#[derive(Clone, Debug, PartialEq)]
#[non_exhaustive]
pub enum RevocationReason {
    /// Default unspecified value. This value does indicate that a
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] has been
    /// revoked, but that a reason has not been recorded.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    Unspecified,
    /// Key material for this
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] may have
    /// leaked.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    KeyCompromise,
    /// The key material for a certificate authority in the issuing path may have
    /// leaked.
    CertificateAuthorityCompromise,
    /// The subject or other attributes in this
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] have changed.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    AffiliationChanged,
    /// This [Certificate][google.cloud.security.privateca.v1.Certificate] has been
    /// superseded.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    Superseded,
    /// This [Certificate][google.cloud.security.privateca.v1.Certificate] or
    /// entities in the issuing path have ceased to operate.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    CessationOfOperation,
    /// This [Certificate][google.cloud.security.privateca.v1.Certificate] should
    /// not be considered valid, it is expected that it may become valid in the
    /// future.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    CertificateHold,
    /// This [Certificate][google.cloud.security.privateca.v1.Certificate] no
    /// longer has permission to assert the listed attributes.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    PrivilegeWithdrawn,
    /// The authority which determines appropriate attributes for a
    /// [Certificate][google.cloud.security.privateca.v1.Certificate] may have been
    /// compromised.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    AttributeAuthorityCompromise,
    /// If set, the enum was initialized with an unknown value.
    ///
    /// Applications can examine the value using [RevocationReason::value] or
    /// [RevocationReason::name].
    UnknownValue(revocation_reason::UnknownValue),
}

#[doc(hidden)]
pub mod revocation_reason {
    #[allow(unused_imports)]
    use super::*;
    #[derive(Clone, Debug, PartialEq)]
    pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
}

impl RevocationReason {
    /// Gets the enum value.
    ///
    /// Returns `None` if the enum contains an unknown value deserialized from
    /// the string representation of enums.
    pub fn value(&self) -> std::option::Option<i32> {
        match self {
            Self::Unspecified => std::option::Option::Some(0),
            Self::KeyCompromise => std::option::Option::Some(1),
            Self::CertificateAuthorityCompromise => std::option::Option::Some(2),
            Self::AffiliationChanged => std::option::Option::Some(3),
            Self::Superseded => std::option::Option::Some(4),
            Self::CessationOfOperation => std::option::Option::Some(5),
            Self::CertificateHold => std::option::Option::Some(6),
            Self::PrivilegeWithdrawn => std::option::Option::Some(7),
            Self::AttributeAuthorityCompromise => std::option::Option::Some(8),
            Self::UnknownValue(u) => u.0.value(),
        }
    }

    /// Gets the enum value as a string.
    ///
    /// Returns `None` if the enum contains an unknown value deserialized from
    /// the integer representation of enums.
    pub fn name(&self) -> std::option::Option<&str> {
        match self {
            Self::Unspecified => std::option::Option::Some("REVOCATION_REASON_UNSPECIFIED"),
            Self::KeyCompromise => std::option::Option::Some("KEY_COMPROMISE"),
            Self::CertificateAuthorityCompromise => {
                std::option::Option::Some("CERTIFICATE_AUTHORITY_COMPROMISE")
            }
            Self::AffiliationChanged => std::option::Option::Some("AFFILIATION_CHANGED"),
            Self::Superseded => std::option::Option::Some("SUPERSEDED"),
            Self::CessationOfOperation => std::option::Option::Some("CESSATION_OF_OPERATION"),
            Self::CertificateHold => std::option::Option::Some("CERTIFICATE_HOLD"),
            Self::PrivilegeWithdrawn => std::option::Option::Some("PRIVILEGE_WITHDRAWN"),
            Self::AttributeAuthorityCompromise => {
                std::option::Option::Some("ATTRIBUTE_AUTHORITY_COMPROMISE")
            }
            Self::UnknownValue(u) => u.0.name(),
        }
    }
}

impl std::default::Default for RevocationReason {
    fn default() -> Self {
        use std::convert::From;
        Self::from(0)
    }
}

impl std::fmt::Display for RevocationReason {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
        wkt::internal::display_enum(f, self.name(), self.value())
    }
}

impl std::convert::From<i32> for RevocationReason {
    fn from(value: i32) -> Self {
        match value {
            0 => Self::Unspecified,
            1 => Self::KeyCompromise,
            2 => Self::CertificateAuthorityCompromise,
            3 => Self::AffiliationChanged,
            4 => Self::Superseded,
            5 => Self::CessationOfOperation,
            6 => Self::CertificateHold,
            7 => Self::PrivilegeWithdrawn,
            8 => Self::AttributeAuthorityCompromise,
            _ => Self::UnknownValue(revocation_reason::UnknownValue(
                wkt::internal::UnknownEnumValue::Integer(value),
            )),
        }
    }
}

impl std::convert::From<&str> for RevocationReason {
    fn from(value: &str) -> Self {
        use std::string::ToString;
        match value {
            "REVOCATION_REASON_UNSPECIFIED" => Self::Unspecified,
            "KEY_COMPROMISE" => Self::KeyCompromise,
            "CERTIFICATE_AUTHORITY_COMPROMISE" => Self::CertificateAuthorityCompromise,
            "AFFILIATION_CHANGED" => Self::AffiliationChanged,
            "SUPERSEDED" => Self::Superseded,
            "CESSATION_OF_OPERATION" => Self::CessationOfOperation,
            "CERTIFICATE_HOLD" => Self::CertificateHold,
            "PRIVILEGE_WITHDRAWN" => Self::PrivilegeWithdrawn,
            "ATTRIBUTE_AUTHORITY_COMPROMISE" => Self::AttributeAuthorityCompromise,
            _ => Self::UnknownValue(revocation_reason::UnknownValue(
                wkt::internal::UnknownEnumValue::String(value.to_string()),
            )),
        }
    }
}

impl serde::ser::Serialize for RevocationReason {
    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
    where
        S: serde::Serializer,
    {
        match self {
            Self::Unspecified => serializer.serialize_i32(0),
            Self::KeyCompromise => serializer.serialize_i32(1),
            Self::CertificateAuthorityCompromise => serializer.serialize_i32(2),
            Self::AffiliationChanged => serializer.serialize_i32(3),
            Self::Superseded => serializer.serialize_i32(4),
            Self::CessationOfOperation => serializer.serialize_i32(5),
            Self::CertificateHold => serializer.serialize_i32(6),
            Self::PrivilegeWithdrawn => serializer.serialize_i32(7),
            Self::AttributeAuthorityCompromise => serializer.serialize_i32(8),
            Self::UnknownValue(u) => u.0.serialize(serializer),
        }
    }
}

impl<'de> serde::de::Deserialize<'de> for RevocationReason {
    fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
    where
        D: serde::Deserializer<'de>,
    {
        deserializer.deserialize_any(wkt::internal::EnumVisitor::<RevocationReason>::new(
            ".google.cloud.security.privateca.v1.RevocationReason",
        ))
    }
}

/// Describes the way in which a
/// [Certificate][google.cloud.security.privateca.v1.Certificate]'s
/// [Subject][google.cloud.security.privateca.v1.Subject] and/or
/// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be
/// resolved.
///
/// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
/// [google.cloud.security.privateca.v1.Subject]: crate::model::Subject
/// [google.cloud.security.privateca.v1.SubjectAltNames]: crate::model::SubjectAltNames
///
/// # Working with unknown values
///
/// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
/// additional enum variants at any time. Adding new variants is not considered
/// a breaking change. Applications should write their code in anticipation of:
///
/// - New values appearing in future releases of the client library, **and**
/// - New values received dynamically, without application changes.
///
/// Please consult the [Working with enums] section in the user guide for some
/// guidelines.
///
/// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
#[derive(Clone, Debug, PartialEq)]
#[non_exhaustive]
pub enum SubjectRequestMode {
    /// Not specified.
    Unspecified,
    /// The default mode used in most cases. Indicates that the certificate's
    /// [Subject][google.cloud.security.privateca.v1.Subject] and/or
    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are
    /// specified in the certificate request. This mode requires the caller to have
    /// the `privateca.certificates.create` permission.
    ///
    /// [google.cloud.security.privateca.v1.Subject]: crate::model::Subject
    /// [google.cloud.security.privateca.v1.SubjectAltNames]: crate::model::SubjectAltNames
    Default,
    /// A mode used to get an accurate representation of the Subject
    /// field's distinguished name. Indicates that the certificate's
    /// [Subject][google.cloud.security.privateca.v1.Subject] and/or
    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are
    /// specified in the certificate request. When parsing a PEM CSR this mode will
    /// maintain the sequence of RDNs found in the CSR's subject field in the
    /// issued [Certificate][google.cloud.security.privateca.v1.Certificate]. This
    /// mode requires the caller to have the `privateca.certificates.create`
    /// permission.
    ///
    /// [google.cloud.security.privateca.v1.Certificate]: crate::model::Certificate
    /// [google.cloud.security.privateca.v1.Subject]: crate::model::Subject
    /// [google.cloud.security.privateca.v1.SubjectAltNames]: crate::model::SubjectAltNames
    RdnSequence,
    /// A mode reserved for special cases. Indicates that the certificate should
    /// have one SPIFFE
    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] set
    /// by the service based on the caller's identity. This mode will ignore any
    /// explicitly specified [Subject][google.cloud.security.privateca.v1.Subject]
    /// and/or
    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in
    /// the certificate request. This mode requires the caller to have the
    /// `privateca.certificates.createForSelf` permission.
    ///
    /// [google.cloud.security.privateca.v1.Subject]: crate::model::Subject
    /// [google.cloud.security.privateca.v1.SubjectAltNames]: crate::model::SubjectAltNames
    ReflectedSpiffe,
    /// If set, the enum was initialized with an unknown value.
    ///
    /// Applications can examine the value using [SubjectRequestMode::value] or
    /// [SubjectRequestMode::name].
    UnknownValue(subject_request_mode::UnknownValue),
}

#[doc(hidden)]
pub mod subject_request_mode {
    #[allow(unused_imports)]
    use super::*;
    #[derive(Clone, Debug, PartialEq)]
    pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
}

impl SubjectRequestMode {
    /// Gets the enum value.
    ///
    /// Returns `None` if the enum contains an unknown value deserialized from
    /// the string representation of enums.
    pub fn value(&self) -> std::option::Option<i32> {
        match self {
            Self::Unspecified => std::option::Option::Some(0),
            Self::Default => std::option::Option::Some(1),
            Self::RdnSequence => std::option::Option::Some(3),
            Self::ReflectedSpiffe => std::option::Option::Some(2),
            Self::UnknownValue(u) => u.0.value(),
        }
    }

    /// Gets the enum value as a string.
    ///
    /// Returns `None` if the enum contains an unknown value deserialized from
    /// the integer representation of enums.
    pub fn name(&self) -> std::option::Option<&str> {
        match self {
            Self::Unspecified => std::option::Option::Some("SUBJECT_REQUEST_MODE_UNSPECIFIED"),
            Self::Default => std::option::Option::Some("DEFAULT"),
            Self::RdnSequence => std::option::Option::Some("RDN_SEQUENCE"),
            Self::ReflectedSpiffe => std::option::Option::Some("REFLECTED_SPIFFE"),
            Self::UnknownValue(u) => u.0.name(),
        }
    }
}

impl std::default::Default for SubjectRequestMode {
    fn default() -> Self {
        use std::convert::From;
        Self::from(0)
    }
}

impl std::fmt::Display for SubjectRequestMode {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
        wkt::internal::display_enum(f, self.name(), self.value())
    }
}

impl std::convert::From<i32> for SubjectRequestMode {
    fn from(value: i32) -> Self {
        match value {
            0 => Self::Unspecified,
            1 => Self::Default,
            2 => Self::ReflectedSpiffe,
            3 => Self::RdnSequence,
            _ => Self::UnknownValue(subject_request_mode::UnknownValue(
                wkt::internal::UnknownEnumValue::Integer(value),
            )),
        }
    }
}

impl std::convert::From<&str> for SubjectRequestMode {
    fn from(value: &str) -> Self {
        use std::string::ToString;
        match value {
            "SUBJECT_REQUEST_MODE_UNSPECIFIED" => Self::Unspecified,
            "DEFAULT" => Self::Default,
            "RDN_SEQUENCE" => Self::RdnSequence,
            "REFLECTED_SPIFFE" => Self::ReflectedSpiffe,
            _ => Self::UnknownValue(subject_request_mode::UnknownValue(
                wkt::internal::UnknownEnumValue::String(value.to_string()),
            )),
        }
    }
}

impl serde::ser::Serialize for SubjectRequestMode {
    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
    where
        S: serde::Serializer,
    {
        match self {
            Self::Unspecified => serializer.serialize_i32(0),
            Self::Default => serializer.serialize_i32(1),
            Self::RdnSequence => serializer.serialize_i32(3),
            Self::ReflectedSpiffe => serializer.serialize_i32(2),
            Self::UnknownValue(u) => u.0.serialize(serializer),
        }
    }
}

impl<'de> serde::de::Deserialize<'de> for SubjectRequestMode {
    fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
    where
        D: serde::Deserializer<'de>,
    {
        deserializer.deserialize_any(wkt::internal::EnumVisitor::<SubjectRequestMode>::new(
            ".google.cloud.security.privateca.v1.SubjectRequestMode",
        ))
    }
}
